I am looking to configure an interface bridge on an SRX by bridging the WAN interface in the untrust zone to another physical interface in a DMZ zone. We are currently performing this on a SonicWall, which allows us to physically assign the servers in the DMZ zone a public IP address and still have zone-based rules, DPI, IPS, etc. There will be no NAT in this scenario. The applications on the servers in this DMZ do not function properly with NAT, hence the bridge requirement.
I believe I have found the equivalent in Juniper by specifying "family bridge" for each interface in the bridge along with an irb interface as well as specifying the specific interface in each zone. Am I on the right track here? I am about to test this on an SRX branch series before moving to an SRX 1500.
ge-0/0/1 {
    unit 0 {
        family bridge {
            interface-mode access;
            vlan-id 110;
        }
    }
}
ge-0/0/2 {
    unit 0 {
        family bridge {
            interface-mode access;
            vlan-id 110;
        }
    }
}
irb {
    unit 1 {
        family inet {
            address x.x.x.x/x;
        }
    }
}
security-zone untrust {
    host-inbound-traffic {
        system-services {
            ssh;
            ping;
        }
    }
    interfaces {
        ge-0/0/0.0;
    }
}
security-zone DMZ {
    host-inbound-traffic {
        system-services {
            ssh;
        }
    }
    interfaces {
        ge-0/0/2.0;
    }
}