[j-nsp] Configuring policies on SRX Cluster
dickeypjeep at yahoo.com
Thu Aug 9 18:33:14 EDT 2012
You may look at "global policies" on the SRX. It may simplify your configuration (if I'm understanding you correctly.)
From: Shombra Shombra <shombra at shombra.com.br>
To: juniper-nsp at puck.nether.net
Sent: Thursday, August 9, 2012 8:40 AM
Subject: [j-nsp] Configuring policies on SRX Cluster
Hello, First sorry for my english. I have many clients, one client and services per VLAN. On SRX I try to configure 7 clients and 3 services and 1 WAN, who some client and service has one VLAN and one ZONE. eg: Clients: Client 1 - VLAN 10 - Zone v10-Client-1 Client 2 - VLAN 20 - Zone v20-Client-2 Client 3 - VLAN 30 - Zone v30-Client-3 .... Client 6 - VLAN 60 - Zone v60-Client-6 Client 7 - VLAN 70 - Zone v70-Client-7 and Services: E-mail - VLAN 100 zone v100-EMAIL DNS - VLAN 200 - zone v200-DNS WEB - VLAN 300 - zone v300-WEB and WAN - reth1.0 - zone WAN if some client need access my e-mail i have to create a policy from v10-Client-1 to v100-EMAIL , if Client-2 need share the e-mail port to the word, I need open 25 for WAN, but if Client-3 have to send a e-mail for Client-2 i need create a policy from zone v30-Client-3 to zone v20-Client-2. if I have 1000 clients, this policies had became a mess.
Someone has a solution for my policies to do not get messy? Best regards Carlos A. Bernardi F.
juniper-nsp mailing list juniper-nsp at puck.nether.net
More information about the juniper-nsp