Transparent Proxy Configuration on SRX Firewall

how to implement transparent proxy so any internet traffic(HTTP, HTTPS,FTP) does not go directly rather via proxy server.

In Cisco we can do  transparent proxy via WCCP, So how implement it with Juniper ?

set routing-options interface-routes rib-group inet IMPORT-PHY
set routing-options rib-groups IMPORT-PHY import-rib inet.0
set routing-options rib-groups IMPORT-PHY import-rib to-proxy.inet.0
set firewall family inet filter to-proxy term one from destination-port 80
set firewall family inet filter to-proxy term one from destination-port 443
set firewall family inet filter to-proxy term one from destination-port 21
set firewall family inet filter to-proxy term one then count to-proxy
set firewall family inet filter to-proxy term one then log
set firewall family inet filter to-proxy term one then routing-instance to-proxy
set firewall family inet filter to-proxy term two then count to-default-route
set firewall family inet filter to-proxy term two then log
set firewall family inet filter to-proxy term two then accept
set routing-instances to-proxy instance-type forwarding
set routing-instances to-proxy routing-options static route 0.0.0.0/0 next-hop X.X.X.X

While x.x.x.x your proxy server IP .

Then, you apply that filter as a family inet filter to an interface:

set interfaces ae0.6 family inet filter input to-proxy

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s