[j-nsp] Using apply-groups for last policy on SRX
John Center
john.center at villanova.edu
Tue Jun 28 11:57:24 EDT 2011
Hi,
Is it possible to use apply-group to set the last security policy
between zones? I'm trying to avoid changing the default policy from
deny all, but I want to do something like this:

groups {
    PERMIT-ALL {
        security {
            policies {
                from-zone <*> to-zone <*> {
                    policy PERMIT-ALL {
                        match {
                            source-address any;
                            destination-address any;
                            application any;
                        }
                        then {
                            permit;
                            log {
                                session-init;
                                session-close;
                            }
                        }
                    }
                }
            }
        }
    }
}
...
security {
    policies {
        from-zone PROD-SYSTEMS to-zone ADMIN-SYSTEMS {
            policy XXXX {
                match {
                    source-address any;
                    destination-address any;
                    application XXXX;
                }
                then {
                    permit;
                }
            }
            ...
            apply-groups PERMIT-ALL;
        }
    }
}

After I'm confident I got all of the applications I need policies for, I
just want to remove the apply-groups statement. Does this make sense?
Is there another/better/easier way to do this?
Thanks.
-John
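
Added example, not part of the original post: one way to judge when the temporary PERMIT-ALL policy can be removed is to tally the session-init log entries that only it permitted, grouped by zone pair, service, protocol and destination port. The RT_FLOW_SESSION_CREATE field order in the regex is an assumption to check against your Junos release, and the log lines are constructed samples.

```python
import re
from collections import Counter

# Assumed RT_FLOW_SESSION_CREATE layout (verify on your Junos release):
#   src/port->dst/port service nat-src->nat-dst src-nat-rule dst-nat-rule
#   protocol-id policy-name from-zone to-zone session-id
SESSION_CREATE = re.compile(
    r"RT_FLOW_SESSION_CREATE: session created "
    r"(?P<src>[^/\s]+)/(?P<sport>\d+)->(?P<dst>[^/\s]+)/(?P<dport>\d+) "
    r"(?P<service>\S+) \S+->\S+ \S+ \S+ "
    r"(?P<proto>\d+) (?P<policy>\S+) (?P<from_zone>\S+) (?P<to_zone>\S+) \d+"
)

# Constructed sample log lines, not captured from a real device.
SAMPLE_LOG = """\
Jun 28 12:00:01 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.5/51000->10.2.2.9/22 junos-ssh 10.1.1.5/51000->10.2.2.9/22 None None 6 XXXX PROD-SYSTEMS ADMIN-SYSTEMS 101
Jun 28 12:00:02 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.5/51001->10.2.2.9/8443 None 10.1.1.5/51001->10.2.2.9/8443 None None 6 PERMIT-ALL PROD-SYSTEMS ADMIN-SYSTEMS 102
Jun 28 12:00:03 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.1.1.6/51002->10.2.2.9/8443 None 10.1.1.6/51002->10.2.2.9/8443 None None 6 PERMIT-ALL PROD-SYSTEMS ADMIN-SYSTEMS 103
Jun 28 12:00:04 srx1 RT_FLOW: RT_FLOW_SESSION_CREATE: session created 10.2.2.9/40000->10.1.1.53/53 junos-dns-udp 10.2.2.9/40000->10.1.1.53/53 None None 17 PERMIT-ALL ADMIN-SYSTEMS PROD-SYSTEMS 104
Jun 28 12:00:09 srx1 RT_FLOW: RT_FLOW_SESSION_CLOSE: session closed TCP FIN: 10.1.1.5/51001->10.2.2.9/8443 None 10.1.1.5/51001->10.2.2.9/8443 None None 6 PERMIT-ALL PROD-SYSTEMS ADMIN-SYSTEMS 102
"""


def uncovered_flows(log_text, catch_all="PERMIT-ALL"):
    """Count sessions that were permitted only by the catch-all policy.

    Each key is (from_zone, to_zone, service, protocol, dst_port); every key
    is traffic that still needs an explicit policy (or a deliberate decision
    to block it) before the catch-all is taken out.
    """
    hits = Counter()
    for line in log_text.splitlines():
        m = SESSION_CREATE.search(line)  # session-close lines do not match
        if m and m["policy"] == catch_all:
            key = (m["from_zone"], m["to_zone"], m["service"],
                   int(m["proto"]), int(m["dport"]))
            hits[key] += 1
    return hits


if __name__ == "__main__":
    for (fz, tz, svc, proto, dport), n in uncovered_flows(SAMPLE_LOG).most_common():
        print(f"{fz} -> {tz}  service={svc} proto={proto} dport={dport}  sessions={n}")
```

An empty result over a representative logging window is the signal that the explicit policies cover the observed traffic.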