Using the Juniper SRX as a routing device

Because the Juniper SRX is a firewall, it runs in what is known as ‘flow mode’, which allows LAN segments to be segregated into security zones and policies to be applied between those zones.

A useful application of the above for me personally is that I use Juniper vSRX devices to quickly lab up Juniper topics that are mostly purely routing based.

If your device is not going to be used as a firewall, you can first configure the security policies to permit all traffic by default, and then configure each security zone (security-zone <name of zone>) to allow all host and protocol traffic. This method still allows you to control flows using policies if required.
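A set-style configuration for the approach described above, as an added example rather than the original post's own config; the zone name `lab` and the interface `ge-0/0/0.0` are assumed values for a lab vSRX:

```junos
# Added example. Zone name "lab" and interface ge-0/0/0.0 are assumptions.
# Enter these in configuration mode (edit).

# 1. Security policies first: permit any traffic that matches no explicit policy.
set security policies default-policy permit-all

# 2. Security zone: bind the interface to the zone, then accept all traffic
#    addressed to the device itself (management services and routing protocols).
set security zones security-zone lab interfaces ge-0/0/0.0
set security zones security-zone lab host-inbound-traffic system-services all
set security zones security-zone lab host-inbound-traffic protocols all

# Validate and apply.
commit check
commit

# Confirm the result: the default policy should read permit-all, the zone
# should list the interface, and the forwarding mode should still be flow based.
run show security policies
run show security zones security-zone lab
run show security flow status
```

The device stays in flow mode, so the default policy only applies to traffic that no explicit policy matches; any zone-to-zone policy added later is still evaluated first. `host-inbound-traffic system-services all` also opens every management service on the interfaces in that zone, which is why this fits an isolated lab.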



Alternatively, if you no longer need ‘flow mode’ at all, you can switch to ‘packet mode’ from edit mode as below. This will require a reboot:

  1. Delete the security clause from your config – # delete security
  2. Set packet mode – # set security forwarding-options family mpls mode packet-based
  3. Commit check / commit – # commit check, then # commit
  4. Reboot – # run request system reboot

