Channel: SRX Services Gateway topics

SRX Layer2 ISP handoff while still allowing the core router out?

I hope that this is a softball question, but I'm stuck at the moment and could use some pointers.

I have an SRX1500, it is connecting to an ISP with a /28 range.  This unit will not be my primary firewall, but rather another firewall will be connecting to it (which will also control DMZs etc).  There will be other VPN appliances connecting to the SRX too.  

I want to provide these devices public addresses from the /28 ISP range for their "public" interfaces.  

So, my assumption is that I need to set up a Layer 2 VLAN across the ports that will be connecting to the ISP and these devices.

When I do this, things seem to work, but the SRX itself is unable to communicate out - I think because there are no ports set up in zones to allow its own traffic out.

If I set up the port ge-0/0/0.0 (ISP port) as part of a zone, the SRX can then go out, but the VLAN cannot, and I don't seem to be able to add zones to VLANs.

Maybe I just need to step away from it for the night, but hopefully someone here can show me what I'm missing.

Thank you

