[j-nsp] Netscreen to SRX config Migration and Global Policy

Muhammad Atif Jauhar atif.jauhar at gmail.com
Sun Feb 9 07:23:33 EST 2014


Hi,

I am migrating from Netscreen to an SRX firewall. I am facing an issue
migrating the configuration of the Global Policy.

In Netscreen we have a few policies from (Specific Zone) to the Global Zone.

set policy id 100 from "Trust" to "Global" "x.x.x.x" "Any-IPv4" "HTTP" permit log
set policy id 100
set service "HTTPS"
exit

I have configured the same in SRX under the GROUP hierarchy.

groups {
    node0 {
        security {
            policies {
                from-zone Trust to-zone <*> {
                    policy test {
                        match {
                            source-address x.x.x.x;
                            destination-address any;
                            application [junos-http junos-https];
                        }
                        then {
                            permit;
                        }
                    }
                }
            }
        }
    }
    node1 {
        security {
            policies {
                from-zone Trust to-zone <*> {
                    policy test {
                        match {
                            source-address x.x.x.x;
                            destination-address any;
                            application [junos-http junos-https];
                        }
                        then {
                            permit;
                        }
                    }
                }
            }
        }
    }
}
apply-groups "${node}";


Similarly, I have a few more policies from different specific zones to Global.

My question is whether I have migrated this part correctly or not. If this is
not correct, kindly let me know the correct way to configure this similar to
the Netscreen policy.

Regards,

Muhammad Atif Jauhar
(+966-56-00-04-985)

