Understanding Branch SRX Series Stateful Firewall Functionality
Your branch SRX Series includes a stateful firewall, which tracks the state of each traffic flow or stream and uses dynamic packet inspection to identify patterns in data packets that might represent a threat to your network. This feature protects hosts from communicating with compromised or malicious users or applications.
The branch SRX Series uses zones and policies to provide firewall configuration.
Although zones and policies can have user-defined configurations, the factory-default configuration contains, at a minimum, a “trust” and “untrust” zone. The trust zone is used for configuration and attaching the internal LAN to the branch SRX Series. The untrust zone is commonly used for the WAN or untrusted Internet interface.
To simplify installation and make configuration easier, a default policy is in place that allows traffic originating from the trust zone to the untrust zone. You are not required to configure a deny policy from the untrust zone to any other zones, because the device drops by default any traffic for which no policy is defined.
By using the J-Web interface or CLI, you can define a series of security policies that control traffic within and between zones.
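The zone and policy model described above, written out as Junos configuration-mode commands. This is an added example, not a listing taken from the device or from this page: the interface names, the policy names and the assignment of interfaces to zones are assumptions, so compare them with the output of `show configuration security` on your own device before use.

```junos
# Zones (interface names are assumed for illustration):
# the internal LAN attaches to "trust", the WAN/Internet link to "untrust".
set security zones security-zone trust interfaces ge-0/0/1.0
set security zones security-zone untrust interfaces ge-0/0/0.0

# Default-style policy: anything originating in trust may go to untrust.
# Return traffic for these sessions is allowed by the stateful session
# table, so no matching untrust-to-trust policy is required.
set security policies from-zone trust to-zone untrust policy trust-to-untrust match source-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match destination-address any
set security policies from-zone trust to-zone untrust policy trust-to-untrust match application any
set security policies from-zone trust to-zone untrust policy trust-to-untrust then permit

# Traffic that matches no policy is dropped. Stating the default
# action explicitly documents that intent in the configuration.
set security policies default-policy deny-all

# Optional: the implicit drop is silent. An explicit deny as the only
# (or last) policy for untrust-to-trust has the same effect, but records
# each denied connection attempt so unsolicited inbound traffic is visible.
set security policies from-zone untrust to-zone trust policy deny-and-log match source-address any
set security policies from-zone untrust to-zone trust policy deny-and-log match destination-address any
set security policies from-zone untrust to-zone trust policy deny-and-log match application any
set security policies from-zone untrust to-zone trust policy deny-and-log then deny
set security policies from-zone untrust to-zone trust policy deny-and-log then log session-init
```

After `commit`, the operational command `show security policies` lists the policies in evaluation order for each zone pair.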