[j-nsp] Firewall best practices
Ben Dale
bdale at comlinx.com.au
Mon Jun 11 21:11:01 EDT 2012
Nice - Thanks Tim!
The 11.4 release note for this feature and what it means doesn't read half as well as they should ; )
Now if only there was a release of 11.4 for SRX that didn't make baby kittens cry!
On 12/06/2012, at 10:08 AM, Tim Eberhard wrote:
> Ben,
>
> let me introduce you to my little friend called the global address
> book. Introduced in 11.4.
>
> set security address-book global address p1 192.168.1.13/32
>
> -Tim Eberhard
>
> On Mon, Jun 11, 2012 at 7:04 PM, Ben Dale <bdale at comlinx.com.au> wrote:
>>
>> What would really help though is if Junos allowed multiple address-books to be bound to a single zone - that way, SRXs buried deeper in your network would have access to all address-book entries on a single upstream zone with very little configuration management. I'm sure this concept would make tools like Space and NSM easier to use as well - Juniper SRX PLMs are you listening out there? SAVE US!
>>
>> Cheers,
>>
>> Ben
>
More information about the juniper-nsp
mailing list