If you wish to allow the
untrust interface, which is usually
the Internet-facing interface on a
Juniper
Networks SRX router/firewall
running the
Junos operating system, to be pinged from external systems, you can use the
command set security zone security-zone untrust interface ge-0/0/0.0
host-inbound-traffic system-services ping after placing the device in
configuration mode with the configure command, presuming, of
course, that the untrust interface is ge-0/0/0.0. If it is some
other port on the router, substitute that port identifier, instead.root@Alder> configure Entering configuration mode [edit] root@Alder# set security zone security-zone untrust interface ge-0/0/0.0 host-inbound-traffic system-services ping [edit] root@Alder# commit commit complete [edit] root@Alder#
Afer committing the configuration, you should be able to successfully ping the IP address of the untrusted, i.e., Internet side of the device.
