Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Validation Framework

Test Bed Overview

The test bed provides provision to emulate an attack environment to test all the next-generation firewall features on the SRX Series Firewall. The test bed is comprised of the following zone configurations:

Table 1: Test Bed
Test Bed
Zone Emulated Role Description
untrust Internet facing interface Simulated untrusted zone facing the Internet edge.
services Zone hosting services in data center environment Simulated zone with webservers/windows server hosting a range of services is configured.
trust Zone hosting all trusted clients Simulated environment with all trusted clients are connected that utilize services offered in the data center environment.

If this was a production environment, we need to configure public IP addresses on interfaces in the untrusted zone and private IP addresses on interfaces in the trust zone. NAT must be enabled for services that need access to Internet resources.

Platforms / Devices Under Test (DUT)

In this JVD, all tests are conducted on an engineering recommended Junos OS release.

The tests conducted are:

  • SRX4600 that supports Junos OS Release 23.2R2.11.
  • Real-time server/client:
    • Kali Linux server with attacker role.
    • Windows client with client role and supports Windows 10 OS.
    • Linux client with client role and supports CentOS 7.
    • IXIA (IxLoad) with traffic generator (baselined traffic) role.
  • Linux server with webserver role and supports CentOS 7.

Test Bed Configuration

The appendix provides detailed next-generation firewall security configurations. Figure 1 shows a workflow diagram regarding the high-level architecture of this JVD environment.