[j-nsp] Inserting security policies on SRX

James S. Smith JSmith at WindMobile.ca
Mon Jul 18 16:38:12 EDT 2011


Never mind, answered my own question.   Didn't realize you have to define the policy first and let it be added to the bottom of the list, and then use the insert statement to move it.

James S. Smith Network Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7

Email: JSmith at WindMobile.ca
Direct: 416-640-9792

Fax: 416-987-1203

From: James S. Smith
Sent: Monday, July 18, 2011 4:07 PM
To: juniper-nsp at puck.nether.net
Subject: Inserting security policies on SRX

I have an SRX240 running 11.1R2.3, and occasionally I have to add new policies. The obvious choice would seem to be to use the insert command, but I'm getting some weird errors. For example, I have a number of policies for the different protocols going between the IT staff and the untrust zone. When trying to insert a new policy, the SRX complains the policy does not exist.

jsmith@fw01# insert security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default
error: statement 'it_staff-untrust-windows-rdp' not found

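Added example (not part of the original message): the sequence the reply describes, typed in Junos configuration mode. SRX evaluates the policies in a zone pair top-down and stops at the first match, so a policy left at the bottom of the list never takes effect if a broader policy sits above it. The zone and policy names are the ones from the thread; the custom-rdp application, the "any" addresses and the permit action are assumptions for illustration, and the lines starting with # are annotations, not commands.

```junos
# Assumption: a hypothetical application object for RDP (TCP/3389).
set applications application custom-rdp protocol tcp destination-port 3389

# 1. Define the policy first. It is appended to the bottom of the
#    it_staff -> untrust list, below it_staff-untrust-default.
#    (Match criteria and action here are assumed, not from the thread.)
set security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp match source-address any destination-address any application custom-rdp
set security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp then permit

# 2. The statement now exists, so insert can move it. Running this line
#    before step 1 produces:
#    error: statement 'it_staff-untrust-windows-rdp' not found
insert security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default

# 3. Check the resulting order and the pending change before committing.
show security policies from-zone it_staff to-zone untrust
show | compare
commit check

# 4. Commit with automatic rollback after 5 minutes unless confirmed.
commit confirmed 5
```

A plain commit within the five-minute window makes the change permanent; otherwise the device rolls back to the previous configuration.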