Juniper Networks V10000 User Manual

Copyright © 2010, Juniper Networks, Inc.

IMPLEMENTATION GUIDE - Juniper Networks SRX Series Services Gateways/Websense V10000

6. Add a security policy from user-lan to public-inet. This step is necessary to allow traffic to the Internet that does not need to be processed by the Websense V10000.

    admin@SRX# show security policies
    from-zone user-lan to-zone public-inet {
        policy permit-all {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }

Note that this step applies as shown if the public-inet security zone has already been configured. If it has not, use the following to set up the interface and security zone.

    admin@SRX# show interfaces ge-0/0/0
    description "To Public Ineternet";
    unit 0 {
        family inet {
            address 66.97.23.82/24;
        }
    }

    admin@SRX# show security zones
    security-zone public-inet {
        screen untrust-screen;
        interfaces {
            ge-0/0/0.0;
        }
    }
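
The following Python check is an added example, not part of the Juniper guide: it parses `show security policies` output in the brace format shown in step 6 and reports every policy that permits any source, any destination and any application, so the permit-all rule stays visible in a rule review. The sample config is constructed; the `example-narrow` policy and its zone pair are hypothetical, and the parser assumes the output starts at the from-zone level as on this page.

```python
import re

# Constructed sample: the step 6 policy, plus a hypothetical narrower policy for contrast.
SAMPLE_CONFIG = """
from-zone user-lan to-zone public-inet {
    policy permit-all {
        match { source-address any; destination-address any; application any; }
        then { permit; }
    }
}
from-zone user-lan to-zone management {
    policy example-narrow {
        match { source-address any; destination-address V10000-c; application junos-http; }
        then { permit; }
    }
}
"""

def parse_blocks(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    stack, pending = [{}], None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        tok = " ".join(tok.split())          # normalise whitespace, drop empty runs
        if tok == "{":                       # the pending statement opens a block
            stack[-1][pending] = {}
            stack.append(stack[-1][pending])
        elif tok == "}":
            stack.pop()
        elif tok == ";":                     # the pending statement is a leaf
            stack[-1][pending] = None
        elif tok:
            pending = tok
    return stack[0]

def find_permit_any(config_text):
    """Return (from_zone, to_zone, policy) for policies matching any/any/any with permit."""
    findings = []
    for context, policies in parse_blocks(config_text).items():
        zones = re.fullmatch(r"from-zone (\S+) to-zone (\S+)", context)
        if zones is None:
            continue
        for name, body in (policies or {}).items():
            match, then = (body or {}).get("match") or {}, (body or {}).get("then") or {}
            fields = ("source-address", "destination-address", "application")
            if all(f"{f} any" in match for f in fields) and "permit" in then:
                findings.append((*zones.groups(), name.removeprefix("policy ")))
    return findings

if __name__ == "__main__":
    print(find_permit_any(SAMPLE_CONFIG))
```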

7. Add the V10000 “C” port address 172.25.44.19 to the management security zone address book. This step is necessary so that the V10000 can redirect the user Web browser to the “C” port for blocked sites. Note that in addition to the specific address, an “address-set” has also been defined. This was done in case the network needs to support multiple V10000 appliances: each additional “C” port would be included in the set, and the associated security policy (in an upcoming step) would not need to be changed.

    admin@SRX# show security zones
    security-zone management {
        address-book {
            address V10000-alpha-c 172.25.44.19/32;
            address-set V10000-c {
                address V10000-alpha-c;
            }
        }
    }