[j-nsp] SRX and "any" policy
Korrub, Geoff
gkorrub at j-solve.com
Tue Jan 19 01:21:18 EST 2010
I think this is what you are looking for. Just put all of the non-management interfaces under the zone.
security {
    zones {
        security-zone route {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                fe-0/0/2.0;
                lo0.0;
                ge-0/0/1.0;
                lsq-0/0/0.0;
            }
        }
    }
    policies {
        default-policy {
            permit-all;
        }
    }
}
________________________________________
From: juniper-nsp-bounces at puck.nether.net [juniper-nsp-bounces at puck.nether.net] On Behalf Of Sven Juergensen (KielNET) [s.juergensen at kielnet.de]
Sent: Monday, January 18, 2010 1:58 AM
To: juniper-nsp at puck.nether.net
Subject: [j-nsp] SRX and "any" policy
Hi list,
in ScreenOS-lingo, the 'any' for a zone
does just that. In JUNOS on the branch-SRX
firewalls, there apparently isn't an equivalent.
So, one might think that it's possible
to define an 'any' zone and put every
interface into it. Well, the interfaces poof
when assigned to a different zone.
Is there any way to have an 'any' zone on
the SRX boxes? Surely I am missing something.
Thanks and regards,
With kind regards,
i. A. Sven Juergensen
--
Department
Networks and Data Centers
KielNET GmbH
Gesellschaft fuer Kommunikation
Preusserstr. 1-9, 24105 Kiel
Phone   : 0431 2219-053
Mobile  : 0170 403 5600
Fax     : 0431 2219-005
E-mail  : s.juergensen at kielnet.de
Internet: http://www.kielnet.de
Managing Director Eberhard Schmidt
HRB 4499 (Amtsgericht Kiel)
PGP details at
http://pgp.kielnet.de/sjuergensen/
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
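
Added example (not part of the original messages and not Juniper tooling): a small Python check that parses a brace-style Junos configuration and reports the two settings that make the posted config behave like an "any" zone, namely zone-level host-inbound-traffic "all" and default-policy permit-all. The parser and the finding strings are assumptions made for this illustration; the sample input is the configuration from the reply, condensed.

```python
import re

# Constructed sample: the configuration from the reply above, condensed.
SAMPLE = """
security {
    zones {
        security-zone route {
            host-inbound-traffic { system-services { all; } protocols { all; } }
            interfaces { fe-0/0/2.0; lo0.0; ge-0/0/1.0; lsq-0/0/0.0; }
        }
    }
    policies { default-policy { permit-all; } }
}
"""

def parse(text):
    """Brace-style config -> nested dicts; leaf statements map to None."""
    root = {}
    stack, words = [root], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text):
        if tok == "{":
            key = " ".join(words)
            stack[-1][key] = child = stack[-1].get(key) or {}
            stack.append(child)
            words = []
        elif tok == "}":
            stack = stack[:-1] or [root]  # tolerate a stray closing brace
        elif tok == ";":
            if words:
                stack[-1].setdefault(" ".join(words), None)
            words = []
        else:
            words.append(tok)
    return root

def audit(text):
    """Report zone-level 'all' host-inbound settings and a permit-all default."""
    sec = parse(text).get("security") or {}
    findings = []
    for key, zone in (sec.get("zones") or {}).items():
        hit = (zone or {}).get("host-inbound-traffic") or {}
        for kind in ("system-services", "protocols"):
            if key.startswith("security-zone ") and "all" in (hit.get(kind) or {}):
                findings.append(f"zone {key.split()[1]}: {kind} all")
    if "permit-all" in ((sec.get("policies") or {}).get("default-policy") or {}):
        findings.append("policies: default-policy permit-all")
    return findings
```

The check only looks at zone-level host-inbound-traffic and the global default policy; per-interface overrides and explicit zone-to-zone policies are not evaluated.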