Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Allowing SSH and Ping to a Public Subnet

Allowing SSH and Ping to a Public Subnet

In this topic, learn how to configure the IBM Cloud™ Juniper vSRX Virtual Firewall Standard with a new interface, zone, and address-book. As the default action for all traffic is to drop, this guide shows how to set up traffic flows that allow all traffic within the new zone, all traffic from the new zone to the internet, and allow only SSH and ping from the internet to one subnet on the new VLAN.

In this example, the values used are - Public vlan: 1523 Public subnet:


This step-by-step assumes that a high-availability deployment of the vSRX Virtual Firewall, with a single Public VLAN and subnet.

Follow the steps listed to configure the service:



Create a new interface, zone, and address-book subnet

Create the tagged interface unit and security zone for the new VLAN.

Creating your new traffic flows

Create the new traffic flows to allow inbound pinging and SSH.

Confirming the output and committing the changes

Check the output to confirm what will be committed to the active configuration.