My scenario is that I have an SSG-320, which has untrust, DMZ1 and DMZ1 zones. Users from the Untrust zone access the servers in DMZ1 and DMZ1. Now I place the IC in the Untrust zone, which first checks the identity and security status of the endpoint before it accesses the DMZ1 and DMZ2 servers.
My question is: how can the IC push the appropriate resource policies to the firewall from untrust zone to DMZ1 and DMZ2 respectively? How does it know that this resource policy is from untrust to DMZ1 and that resource policy is from untrust to DMZ2 zone?
But I am still confused about the IPsec routing policy: how will the firewall know the direction of the policy, meaning from untrust to DMZ1 or untrust to DMZ2?
When you set up a policy on the SRX, one of the actions is to permit application UAC w/VPN. For the SSG it is a bit different. On the SRX it seems the zones do not make a difference when you specify them on the SRX. With the SSG it's a bit more integrated, so it does matter which zone for either SRX or SSG, and the firewall does know about it one way or the other.