[j-nsp] Inserting security policies on SRX
James S. Smith
JSmith at WindMobile.ca
Wed May 1 10:36:00 EDT 2013
Is something funny going on with the mailing list? I sent this original email 2 years ago.
Also saw a bunch of other emails get sent out that people had sent from 2009 and 2010
From: Michael Loftis [mailto:mloftis at wgops.com]
Sent: May-01-13 10:28 AM
To: James S. Smith
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Inserting security policies on SRX
I've found the "insert" and similar commands often get confused as to what you mean and where unless you move into the hierarchy closest to where you're working first by doing "edit security policies from-zone it_staff to-zone untrust" then doing your insert X before Y statement from that part of the hierarchy.
On Mon, Jul 18, 2011 at 1:07 PM, James S. Smith <JSmith at windmobile.ca<mailto:JSmith at windmobile.ca>> wrote:
I have an SRX240 running 11.1R2.3, and occasionally I have to add new policies. The obvious choice would seem to be use the insert command but I'm getting some weird errors. For example, I have a number of policies for the different protocols going between the IT staff and the untrust zone. When trying to insert a new policy the SRX complains the policy does not exist.
jsmith at fw01# insert security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default
error: statement 'it_staff-untrust-windows-rdp' not found
James S. Smith Network Architect
WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7
Email: JSmith at WindMobile.ca<mailto:JSmith at WindMobile.ca>
Direct: 416-640-9792<tel:416-640-9792>
Fax: 416-987-1203<tel:416-987-1203>
[cid:image001.png at 01CE4657.AB7406D0]<http://www.windmobile.ca/>[cid:image002.png at 01CE4657.AB7406D0]<http://www.facebook.com/WINDmobile>[cid:image003.png at 01CE4657.AB7406D0]<http://www.twitter.com/WINDmobile>
[cid:image004.png at 01CE4657.AB7406D0]<http://www.windmobile.ca/>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net<mailto:juniper-nsp at puck.nether.net>
https://puck.nether.net/mailman/listinfo/juniper-nsp
--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/67deee80/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 2670 bytes
Desc: image001.png
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/67deee80/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 1902 bytes
Desc: image002.png
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/67deee80/attachment-0005.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.png
Type: image/png
Size: 2199 bytes
Desc: image003.png
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/67deee80/attachment-0006.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image004.png
Type: image/png
Size: 2828 bytes
Desc: image004.png
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20130501/67deee80/attachment-0007.png>
More information about the juniper-nsp
mailing list