[j-nsp] Inserting security policies on SRX

Michael Loftis mloftis at wgops.com
Wed May 1 10:27:33 EDT 2013 

I've found the "insert" and similar commands often get confused as to what
you mean and where unless you move into the hierarchy closest to where
you're working first by doing "edit security policies from-zone it_staff
to-zone untrust" then doing your insert X before Y statement from that part
of the hierarchy.


On Mon, Jul 18, 2011 at 1:07 PM, James S. Smith <JSmith at windmobile.ca>wrote:

> I have an SRX240 running 11.1R2.3, and occasionally I have to add new
> policies.  The obvious choice would seem to be use the insert command but
> I’m getting some weird errors.  For example, I have a number of policies
> for the different protocols going between the IT staff and the untrust
> zone.  When trying to insert a new policy the SRX complains the policy does
> not exist.****
>
> ** **
>
> jsmith at fw01# insert security policies from-zone it_staff to-zone untrust
> policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default
> ****
>
> error: statement 'it_staff-untrust-windows-rdp' not found****
>
> ** **
>
> ** **
>
> ** **
>
> *James S. Smith *Network Architect****
>
> *WIND Mobile *207 Queen's Quay West, Suite 710* *Toronto, ON M5J 1A7****
>
> ** **
>
> *Email: *JSmith at WindMobile.ca**
>
> *Direct:* 416-640-9792****
>
> ** **
>
> *Fax: *416-987-1203  ****
>
> * *
>
> <http://www.windmobile.ca/> <http://www.facebook.com/WINDmobile><http://www.twitter.com/WINDmobile>
> ****
>
> <http://www.windmobile.ca/>****
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 

"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/7a842c4d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1902 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/7a842c4d/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2670 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/7a842c4d/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2828 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/7a842c4d/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2199 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/7a842c4d/attachment-0007.png>

More information about the juniper-nsp mailing list