[j-nsp] Netscreen to SRX config Migration and Global Policy
Muhammad Atif Jauhar
atif.jauhar at gmail.com
Sun Feb 9 07:23:33 EST 2014
Hi,
I am migrating Netscreen to SRX Firewall. I am facing issue to migrate
configuration of Global Policy.
In Netscreen we have few policies from (Specific Zone) to Global Zone.
set policy id 100 from "Trust" to "Global" "x.x.x.x" "Any-IPv4" "HTTP"
permit log
set policy id 100
set service "HTTPS"
exit
I have configure same in SRX under GROUP hierarchy.
groups {
node0 {
security {
policies {
from-zone Trust to-zone <*> {
policy test {
match {
source-address x.x.x.x;
destination-address any;
application [junos-http
junos-https]; }
then {
permit;
}
}
}
}
}
}
node1 {
security {
policies {
from-zone Trust to-zone <*> {
policy test {
match {
source-address x.x.x.x;
destination-address any;
application [junos-http junos-https];
}
then {
permit;
}
}
}
}
}
}
}
apply-groups "${node}";
Similar I have few more policies from different specific zones to Global.
My question is that will I migrated this part correctly or not. If this is
not correct, kindly let me know correct way to configure similar to
netscreen policy.
Regards,
Muhammad Atif Jauhar
(+966-56-00-04-985)
More information about the juniper-nsp
mailing list