Allowing SSH and Ping to a Public Subnet
In this topic, learn how to configure the IBM Cloud™ Juniper vSRX Virtual Firewall Standard with a new interface, zone, and address-book. Because the default action for all traffic is to drop, this guide shows how to set up traffic flows that allow all traffic within the new zone, all traffic from the new zone to the internet, and only SSH and ping from the internet to one subnet on the new VLAN.
In this example, the values used are:
- Public VLAN: 1523
- Public subnet: 169.47.211.152/29
This step-by-step guide assumes a high-availability deployment of the vSRX Virtual Firewall with a single public VLAN and subnet.
Follow the steps listed to configure the service:
| Task | Description |
|---|---|
| Create the tagged interface unit and security zone for the new VLAN. | |
| Create the new traffic flows to allow inbound pinging and SSH. | |
| Check the output to confirm what will be committed to the active configuration. | |
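The three tasks above, written out as Junos set commands for VLAN 1523 and subnet 169.47.211.152/29. This is an added example, not the configuration from the original page. The interface name `reth1`, the zone names `SL-PUBLIC` and `CUSTOMER-PUBLIC`, the address-book entry `PUBLIC-1523`, the policy names, and the choice of 169.47.211.153 as the vSRX address are assumptions; substitute the names used on your gateway.

```junos
# Added example. Assumed names: reth1 (public redundant interface in HA),
# SL-PUBLIC (existing internet-facing zone), CUSTOMER-PUBLIC (new zone),
# PUBLIC-1523 (address-book entry), and .153 as the vSRX address.

# Task 1: tagged interface unit and security zone for VLAN 1523
set interfaces reth1 vlan-tagging
set interfaces reth1 unit 1523 vlan-id 1523
set interfaces reth1 unit 1523 family inet address 169.47.211.153/29
set security zones security-zone CUSTOMER-PUBLIC interfaces reth1.1523

# Address-book entry naming the one subnet that inbound traffic may reach
set security address-book global address PUBLIC-1523 169.47.211.152/29

# Task 2a: all traffic within the new zone
set security policies from-zone CUSTOMER-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-INTRAZONE match source-address any destination-address any application any
set security policies from-zone CUSTOMER-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-INTRAZONE then permit

# Task 2b: all traffic from the new zone to the internet
set security policies from-zone CUSTOMER-PUBLIC to-zone SL-PUBLIC policy ALLOW-OUTBOUND match source-address any destination-address any application any
set security policies from-zone CUSTOMER-PUBLIC to-zone SL-PUBLIC policy ALLOW-OUTBOUND then permit

# Task 2c: from the internet, only SSH and ping, and only to the one subnet.
# Anything else in this direction matches no policy and is dropped by default.
set security policies from-zone SL-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-SSH-PING match source-address any
set security policies from-zone SL-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-SSH-PING match destination-address PUBLIC-1523
set security policies from-zone SL-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-SSH-PING match application junos-ssh
set security policies from-zone SL-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-SSH-PING match application junos-icmp-ping
set security policies from-zone SL-PUBLIC to-zone CUSTOMER-PUBLIC policy ALLOW-SSH-PING then permit

# Task 3: review the candidate configuration before it becomes active
show | compare
commit check
```

In the `show | compare` output, confirm that the only policy added from the internet-facing zone to the new zone lists `junos-ssh` and `junos-icmp-ping` with the subnet entry as destination, and that no `application any` policy was added in that direction.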