Exception traffic, including management and control plane traffic, is handled by examining host-inbound traffic configurations at the ingress interface and zone. It ensures traffic reaches necessary services like SSH and IKE securely. See Juniper Host Inbound Traffic Documentation for more.
SRX Series devices handle exception traffic (such as management traffic like SSH, Telnet, DNS queries, etc.) differently than regular transit traffic. Exception traffic is examined based on host-inbound traffic for the ingress interface and zone. If traffic is destined for the device itself (e.g., management traffic or routing protocol messages), it must be allowed as host-inbound traffic on both the ingress interface and zone.
Example Command:
bash
set security zones security-zone trust host-inbound-traffic system-services ssh
This ensures that traffic destined to the SRX device is inspected based on the ingress interface and zone.
[: Juniper documentation on host-inbound traffic and exception handling., , ==========]
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit