Juniper JN0-230 JNCIA Security Associate – Security Policies Part 3
Policy Rematch Let’s now talk about an interesting topic called policy rematch. Policy Rematch is a configuration on the SRX device that causes the re-evaluation of an active session when its associated security policy is modified. That means when the security policy associated with a session is modified, the session will remain open if it still matches the policy that allowed the session initially. But the session will close if the associated policy is renamed, deactivated, or deleted. In other words, if a policy initially allowed a session to be…
Juniper JN0-230 JNCIA Security Associate – Security Policies Part 2
Policy Precedence Welcome back. Let’s now talk about policy precedence. If we have multiple security policies that have similar match criteria, which policy will be applied first? That question is answered by policy precedence. Policy precedence acts as a tiebreaker when we have multiple policies with similar criteria. Let me show you with an example. Here we have a security policy that matches traffic from the trust zone to the untrust zone. It’s called “allow telnet.” It matches any source address and any destination address, and the application is telnet….
Juniper JN0-230 JNCIA Security Associate – Security Policies
Security Policies Welcome back. It’s now time to shift our attention to another topic known as security policies. So, in this section, we’ll look at what security policies are; how security policies can be used to control traffic passing through the network; how to configure and monitor security policies; things to keep in mind while designing security policies; and objects that can be referenced within security policies. And then we’ll also talk about global policies, how to activate security policies during specific time periods, how to configure intrusion detection and prevention,…
Juniper JN0-230 JNCIA Security Associate – Security Objects Part 2
Configuring Address Objects Welcome back. So we’ve talked about the different address objects that can be created on an SRX device. Now let’s see how we can configure them. So I’m already at the terminal of the SRX device. I’m going to enter configuration mode, and let’s start by taking a look at the output of the show security command. As you can see here, I’ve got a simple configuration. I’ve got three zones configured: trust, untrust, and DMZ. Let’s start by talking about the global address book. The way…
Juniper JN0-230 JNCIA Security Associate – Security Objects
Security Zones Welcome back. Now we’re going to move into the second section of the JNCIA Security exam curriculum. In this section, we’ll focus on security zones, host inbound traffic, address objects, application objects, and screens. Let’s start with the first topic, security zones. So what is a security zone? Well, a security zone is a logical entity that you configure on your SRX device and that is used to designate segments of your network. Interfaces are then associated with security zones. This allows you to logically group interfaces with…
Juniper JN0-230 JNCIA Security Associate – Network Address Translation Part 4
Static NAT Welcome back. Let’s now talk about the third type of NAT, which is known as static NAT. In a way, static NAT is a combination of source NAT and destination NAT. Since we’ve already understood what source NAT and destination NAT are, it should be very easy for us to understand the concepts of static NAT. Static NAT creates a one-to-one mapping of one IP subnet to another IP subnet. It allows source address translation in one direction and destination address translation in the reverse direction. So let’s understand…
Juniper JN0-230 JNCIA Security Associate – Network Address Translation Part 3
Destination NAT Welcome to this video on the second type of NAT configuration, known as destination NAT. If you found the concept of source NAT interesting, I promise you this is going to be even more interesting. In this lecture, we’ll talk about the concepts and the working mechanism of destination NAT. And in the next lecture, we’ll understand how to configure that. So what is destination NAT, or what is it used for? Destination NAT is used to translate the destination IP address of a packet. This is…
Juniper JN0-230 JNCIA Security Associate – Network Address Translation Part 2
Configure Interface-based Source NAT Welcome back. It’s now configuration time. Let’s look at a source NAT configuration example, and we’ll begin with interface-based source NAT. Now here’s the scenario that we’re going to use. We have two devices. The original source IP addresses are 192–9216-8151. They are both going to connect to the device and try to reach a server sitting in the DMZ zone, which has an IP 10ress 1 one dot. The dot 50 the hosts trust zone and the…
Juniper JN0-230 JNCIA Security Associate – Network Address Translation
Introduction to NAT All right, so now it’s time to shift gears. We are now going to talk about NAT, or network address translation. In this section, we’ll understand what NAT is, what the benefits of configuring NAT are, and what the different types of NAT are that can be configured on an SRX device. Let’s begin by understanding what NAT, or network address translation, is. In simple words, NAT is a mechanism that allows you to translate the IP address of a device. And this includes both source and…
Juniper JN0-230 JNCIA Security Associate – Monitoring/Reporting
J-Web All right, welcome back. We’re now in the last section of the course, and in this section, we’re going to focus on three topics. The first one is J-Web, which we’re going to talk about in this video. We’ll then talk about two modes of logging: stream mode logging and event mode logging. And then finally, we’ll talk about Junos Space Security Director. The exam blueprint also has one more topic in this section called SKY 80. But we’ve already spoken about that in an earlier section. So…