Hi All:
I have a VC consisting of an EX4550-32F and an EX4200-48T on which there are two VLANs. These are connected to a SRX240H, each EX vlan with its own SRX interface.
The vlans on the EX are currently configured as follows:
vlans {
    data_centre {
        vlan-id 89;
        l3-interface vlan.89;
    }
    dmz {
        vlan-id 88;
    }
}
The VLAN interface configuration on the EX is below:
interfaces vlan {
    unit 89 {
        family inet {
            address 10.89.50.253/16;
        }
    }
    unit 88 {
        family inet {
            address 10.88.50.253/16;
        }
    }
}
EX Routing options:
static route 0.0.0.0/0 next-hop 10.89.50.254;
EX Interface assignment to VLANs:
On the EX VC we have xe0/0/0 - xe0/0/31, ge-1/0/12 - ge-1/0/47 configured for data_centre VLAN
and ge-1/0/0 to ge-1/0/11 configured for the dmz.
Each VLAN has one interface physically connected to an interface on an SRX 240H.
SRX ge-0/0/6.0 ----- EX ge-1/0/0.0 (dmz)
SRX ge-0/0/7.0 ----- EX ge-1/0/12.0 (data_centre)
SRX VLAN interfaces are configured as follows:
interfaces vlan {
    unit 88 {
        family inet {
            address 10.88.50.254/16;
        }
    }
    unit 89 {
        family inet {
            address 10.89.50.254/16;
        }
    }
}
SRX interfaces:
ge-0/0/6.0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members dmz-88;
        }
    }
}
ge-0/0/7.0 {
    family ethernet-switching {
        port-mode trunk;
        vlan {
            members datactr;
        }
    }
}
SRX VLANs configuration:
vlans {
    datactr {
        vlan-id 89;
        l3-interface vlan.89;
    }
    dmz-88 {
        vlan-id 88;
        l3-interface vlan.88;
    }
}
My Problem
The problem I am experiencing with this configuration is the routing of 10.88.xx.xx traffic. It appears to ingress via the SRX interface ge-0/0/6.0 but then returns via vlan.89 and SRX interface ge-0/0/7.0.
I believe the problem lies with the EX VLANS configuration of dmz-88, which does not have an l3-interface configured, and the EX only has one static route to 10.89.50.254.
Possible Fix?
Firstly I want to stop the traffic traversing the VLANs on the EX, would I achieve this using firewall filters?
Second, I need to fix the routing of the 10.88.xx.xx traffic. Could this be done by adding the l3-interface to the dmz-88 vlan and adding a static route from the EX to 10.88.50.254 (SRX)?
Any comments or assistance would be greatly appreciated.