--> Juniper SRX devices can operate in two different modes : i) Flow Mode ii) Packet Mode
--> In Flow mode, Juniper SRX device acts as Firewall which checks all the security policies to allow the traffic.
--> In Packet mode,Juniper SRX device acts as Router which checks at the routing table to forward the traffic.
--> By default all the Juniper SRX devices will work in Flow Mode.
--> If you want to make the Juniper SRX as Router then disable or delete all the security related configurations.
--> We can change Juniper SRX mode from Flow mode to Packer Mode using two methods
i) Method 1
--> Delete all the Security related configurations in Juniper Srx Firewall
NOCUSER@SRX210# delete security
--> Change the Mode from Flow Mode to Pacet Mode
NOCUSER@SRX210# set security forwarding-options family mpls mode packet-based
--> Save the Configuration
NOCUSER@SRX210# commit
--> Restart the SRX Firewall
NOCUSER@SRX210# run request system reboot
ii) Method 2 ( Using Fiewall Filters we can also change the mode from Flow to Packet)
--> Create Firewall Filter named ChangeMode in Srx Firewall
NOCUSER@SRX210# set firewall filter ChangeMode term 1 from source-address 1.1.1.1/32
NOCUSER@SRX210#set firewall filter ChangeMode term 1 then packet-mode
NOCUSER@SRX210# set firewall filter ChangeMode term 2 then accept
--> Implement on the interface
NOCUSER@SRX210# set interfaces G0 unit 0 family inet filter input ChangeMode
Note: By using Second Method we can configure Packet Mode and Flow Mode at a time on the Juniper SRX.
--> In Flow mode, Juniper SRX device acts as Firewall which checks all the security policies to allow the traffic.
--> In Packet mode,Juniper SRX device acts as Router which checks at the routing table to forward the traffic.
--> By default all the Juniper SRX devices will work in Flow Mode.
--> If you want to make the Juniper SRX as Router then disable or delete all the security related configurations.
--> We can change Juniper SRX mode from Flow mode to Packer Mode using two methods
i) Method 1
--> Delete all the Security related configurations in Juniper Srx Firewall
NOCUSER@SRX210# delete security
--> Change the Mode from Flow Mode to Pacet Mode
NOCUSER@SRX210# set security forwarding-options family mpls mode packet-based
--> Save the Configuration
NOCUSER@SRX210# commit
--> Restart the SRX Firewall
NOCUSER@SRX210# run request system reboot
ii) Method 2 ( Using Fiewall Filters we can also change the mode from Flow to Packet)
--> Create Firewall Filter named ChangeMode in Srx Firewall
NOCUSER@SRX210# set firewall filter ChangeMode term 1 from source-address 1.1.1.1/32
NOCUSER@SRX210#set firewall filter ChangeMode term 1 then packet-mode
NOCUSER@SRX210# set firewall filter ChangeMode term 2 then accept
--> Implement on the interface
NOCUSER@SRX210# set interfaces G0 unit 0 family inet filter input ChangeMode
Note: By using Second Method we can configure Packet Mode and Flow Mode at a time on the Juniper SRX.
0 comments:
Post a Comment