External Response Service: Filters and Terms Configuration Summary for SRX Series

The SRX series uses a pipeline of filters to be applied to incoming packets. Each filter contains any number of terms that can apply actions to these incoming packets. The first step in configuring WebApp Secure to work with the SRX series is to configure the filters and terms required. WebApp Secure will require a valid IPv4 filter. This can be named anything and can be a filter already set up prior to \WebApp Secure integration. Remember this filter name, because you will input it into the WebApp Secure appliance once the SRX series configuration has been completed.

Along with a filter, you must create two terms. Unlike the filter, these terms cannot be modified by any other service. The first term is the term that IP addresses are added to in the event of an External Counter Response activation, and whose name will be supplied to configuration. The second term must be added as a safeguard which will determine what action to take when no IPs are in the first term. It is recommended that the second term be similar to the following:

term jwas_default {then {accept;}}

This should be placed after the blocking term. It allows all traffic through once the previous term's action has been changed to next term. Consult the SRX series documentation for more information on the SRX series and its filters.

Note: Because the SRX series will drop packets when next term is the action and no actual next term exists, it is important to have this additional term below the term which will contain the actual IPs.

Warning: Any IPs added to the WebApp Secure term through the SRX series CLI, the SRX series GUI, or any other external service besides WebApp Secure, are not guaranteed to remain in the term.

Related Documentation