A branch SRX Series device in flow mode is forwarding between two virtual routers using a
paired set of logical tunnel interfaces. You have a server connected to one virtual router and
the client is on the other virtual router. How many security policies are needed to connect
from the client to the server across the logical tunnel link?
A. 2
B. 3
C. 0
D. 1
It's that we need two policies:
policies {
    /* intra-zone policy for the first zone */
    from-zone Z1 to-zone Z1 {
        policy Z1-Z1 {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    /* intra-zone policy for the second zone */
    from-zone Z2 to-zone Z2 {
        policy Z2-Z2 {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}
A. You do indeed need 2 policies:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB22053&actp=search
The final answer is 2, right?
It doesn’t say that they are in two different zones. If they are in the same zone, then it is only one policy.
One zone cannot contain 2 virtual routers. It needs 2 intra-zone policies. Answer: 2
You need two (2) sec policies.
Check the configuration example here:
https://kb.juniper.net/InfoCenter/index?page=content&id=KB21260
On your link, what about this?
Note: To establish communication (bidirectional) between two hosts which are in two separate security zones and routing instances, connected through a logical tunnel interface – the SRX Branch Series does not require any inter-zone security policy, all that is needed is an intra-zone policy.
Only one policy is required, because the SRX branch series doesn't need an inter-zone policy while using a logical tunnel interface. So it would only need intra-zone, which has only one policy.
D
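One interface, routing-instance and zone layout under which the Z1-Z1 and Z2-Z2 policies posted in the first reply would apply, given as an added example that is not from the question, the replies or the linked KB articles. The instance names VR1 and VR2, the interface names and units, and all addresses are assumptions made for illustration.

```junos
# Constructed example: every name and address below is an assumption.

# Paired logical tunnel units; each unit names the other as its peer.
set interfaces lt-0/0/0 unit 0 encapsulation ethernet
set interfaces lt-0/0/0 unit 0 peer-unit 1
set interfaces lt-0/0/0 unit 0 family inet address 10.255.0.1/30
set interfaces lt-0/0/0 unit 1 encapsulation ethernet
set interfaces lt-0/0/0 unit 1 peer-unit 0
set interfaces lt-0/0/0 unit 1 family inet address 10.255.0.2/30

# Client-facing and server-facing interfaces.
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24
set interfaces ge-0/0/2 unit 0 family inet address 192.0.2.1/24

# VR1 holds the client side and lt unit 0; it reaches the server subnet via the peer unit.
set routing-instances VR1 instance-type virtual-router
set routing-instances VR1 interface ge-0/0/1.0
set routing-instances VR1 interface lt-0/0/0.0
set routing-instances VR1 routing-options static route 192.0.2.0/24 next-hop 10.255.0.2

# VR2 holds the server side and lt unit 1; it needs the return route to the client subnet.
set routing-instances VR2 instance-type virtual-router
set routing-instances VR2 interface ge-0/0/2.0
set routing-instances VR2 interface lt-0/0/0.1
set routing-instances VR2 routing-options static route 198.51.100.0/24 next-hop 10.255.0.1

# Each zone contains the host-facing interface and the lt unit of the same routing instance.
set security zones security-zone Z1 interfaces ge-0/0/1.0
set security zones security-zone Z1 interfaces lt-0/0/0.0
set security zones security-zone Z2 interfaces ge-0/0/2.0
set security zones security-zone Z2 interfaces lt-0/0/0.1
```

After a test connection from the client to the server, `show security flow session` lists the sessions the device created together with the policy each one matched.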