Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Filters and Terms Configuration Summary for SRX Integration

    The SRX uses a pipeline of filters to be applied to incoming packets. Each filter contains any number of terms that can apply actions to these incoming packets. The first step in configuring WebApp Secure to work with the SRX is to configure the filters and terms required. WebApp Secure will require a valid IPv4 filter. This can be named anything and can be a filter already set up prior to \WebApp Secure integration. Remember this filter name, because you will input it into the WebApp Secure appliance once the SRX configuration has been completed.

    Along with a filter, you must create two terms. Unlike the filter, these terms cannot be modified by any other service. The first term is the term that IP addresses are added to in the event of an External Counter Response activation, and whose name will be supplied to configuration. The second term must be added as a safeguard which will determine what action to take when no IPs are in the first term. It is recommended that the second term be similar to the following:

    term jwas_default {then {accept;}}

    This should be placed after the blocking term. It allows all traffic through once the previous term's action has been changed to next term. Consult the SRX documentation for more information on the SRX and its filters.

    Note: Because the SRX will drop packets when next term is the action and no actual next term exists, it is important to have this additional term below the term which will contain the actual IPs.

    Warning: Any IPs added to the WebApp Secure term through the SRX CLI, the SRX GUI, or any other external service besides WebApp Secure, are not guaranteed to remain in the term.

    Published: 2013-11-20