Validation Framework
Test Bed Overview
The test bed emulates an attack environment for testing all the next-generation firewall features on the SRX Series Firewall. The test bed comprises the following zone configurations:
Test Bed
Zone | Emulated Role | Description |
---|---|---|
untrust | Internet-facing interface | Simulated untrusted zone facing the Internet edge. |
services | Zone hosting services in data center environment | Simulated zone configured with web servers/Windows server hosting a range of services. |
trust | Zone hosting all trusted clients | Simulated environment where all trusted clients that use services offered in the data center environment are connected. |
In a production environment, we would need to configure public IP addresses on interfaces in the untrusted zone and private IP addresses on interfaces in the trust zone. NAT must be enabled for services that need access to Internet resources.
Platforms / Devices Under Test (DUT)
In this JVD, all tests are conducted on an engineering-recommended Junos OS release.
The tests are conducted with the following devices:
- SRX4600 with Junos OS Release 23.2R2.11.
- Real-time server/client:
- Kali Linux server in the attacker role.
- Windows client (Windows 10 OS) in the client role.
- Linux client (CentOS 7) in the client role.
- IXIA (IxLoad) in the traffic generator (baselined traffic) role.
- Linux server (CentOS 7) in the webserver role.
Test Bed Configuration
The appendix provides detailed next-generation firewall security configurations. Figure 1 shows a workflow diagram of the high-level architecture of this JVD environment.