vGW Series and Junos SRX Series Security Zones

This topic includes the following sections:

About SRX Series Services Gateway Security Zones

A security zone is a collection of one or more network segments on SRX Series devices that require the regulation of inbound and outbound traffic through policies.

Security zones are logical entities to which one or more interfaces on the SRX Series device are bound.

On a single SRX Series device, you can configure multiple security zones, dividing the network into segments to which you can apply various security options to satisfy the needs of each segment. You can define many security zones, bringing finer granularity to your physical network security design without deploying multiple security appliances to do so.

From the perspective of security policies, traffic enters one security zone and leaves through another security zone. This combination of a from-zone and a to-zone is defined as a context. Each context contains an ordered list of policies.
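
The following added example (not Juniper code, and not part of the original topic) models how a flow is resolved to a context and checked against that context's ordered policy list, and how an earlier policy can shadow a later one. It assumes top-down, first-match evaluation and a default action of deny; all interface names, zone names, addresses and policy names are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

ANY = "any"
Policy = namedtuple("Policy", "name src dst app action")

# Constructed sample: interfaces bound to zones (hypothetical names and addresses).
ZONE_OF = {"ge-0/0/0.0": "untrust", "ge-0/0/1.0": "trust", "ge-0/0/2.0": "dmz"}

# One ordered policy list per (from-zone, to-zone) context.
CONTEXTS = {
    ("trust", "dmz"): [
        Policy("block-guests", "10.1.50.0/24", ANY, ANY, "deny"),
        Policy("web-to-dmz", "10.1.0.0/16", "172.16.10.0/24", "https", "permit"),
        Policy("guest-portal", "10.1.50.0/24", "172.16.10.5/32", "https", "permit"),
    ],
}

def covers(rule, value, is_addr=True):
    """True if a policy field matches a concrete value or a narrower policy field."""
    if rule == ANY:
        return True
    if value == ANY:
        return False
    if not is_addr:
        return rule == value
    return ipaddress.ip_network(value).subnet_of(ipaddress.ip_network(rule))

def matches(p, src, dst, app):
    return covers(p.src, src) and covers(p.dst, dst) and covers(p.app, app, False)

def evaluate(in_if, out_if, src, dst, app):
    """Resolve the context from the two interfaces, then apply the first matching policy."""
    context = (ZONE_OF[in_if], ZONE_OF[out_if])
    for p in CONTEXTS.get(context, []):
        if matches(p, src, dst, app):
            return context, p.name, p.action
    return context, None, "deny"  # no policy matched: default action (assumed deny)

def shadowed(context):
    """Policies that can never match because an earlier policy fully covers them."""
    plist = CONTEXTS[context]
    return [later.name for i, later in enumerate(plist)
            if any(matches(e, later.src, later.dst, later.app) for e in plist[:i])]
```

Here `shadowed(("trust", "dmz"))` reports `guest-portal`, because the broader `block-guests` deny sits above it in the same context and is evaluated first.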

SRX Series devices support many types of security zones.

SRX Series Services Gateway Zones and the vGW Series

The vGW Series zones synchronization feature provides an automated way to link the vGW Series virtualized security layer with the SRX Series Services Gateway physical device and network security.

The vGW Series zone feature simplifies VM-to-zone mapping by importing zones configured on SRX Series devices into the virtualized environment.

You can use these zone assignments to:

The process that the vGW Series undertakes to synchronize SRX Series zones with VMs consists of a number of steps, including defining:

The vGW Series also validates that the Smart Groups dynamically associated with each VM are associated with the appropriate zone. This process allows for policy enforcement between vGW Series VMs and SRX Series zones, as well as compliance validations.

Related Application Note

For additional information on vGW Series integration with other Juniper Networks products, including in-depth coverage of STRM, SRX for zone synchronization, and SRX-IDP, see the Security Virtualization Application note at
