[j-nsp] Netscreen to SRX config Migration and Global Policy
Andrew Jones
andrew.jones at o2networks.com.au
Sun Feb 9 20:08:23 EST 2014
If you’re using JunOS 11.4 or later on a branch SRX, there is global policy support now.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB28109
Regards,
Andrew Jones
From: Muhammad Atif Jauhar <atif.jauhar at gmail.com>
Sent: Sunday, February 9, 2014 11:23 PM
To: juniper-nsp at puck.nether.net
Hi,
I am migrating a Netscreen to an SRX firewall. I am facing an issue migrating
the configuration of Global Policy.
In Netscreen we have a few policies from (Specific Zone) to Global Zone.
set policy id 100 from "Trust" to "Global" "x.x.x.x" "Any-IPv4" "HTTP" permit log
set policy id 100
set service "HTTPS"
exit
I have configured the same in SRX under the GROUP hierarchy.
groups {
    node0 {
        security {
            policies {
                from-zone Trust to-zone <*> {
                    policy test {
                        match {
                            source-address x.x.x.x;
                            destination-address any;
                            application [ junos-http junos-https ];
                        }
                        then {
                            permit;
                        }
                    }
                }
            }
        }
    }
    node1 {
        security {
            policies {
                from-zone Trust to-zone <*> {
                    policy test {
                        match {
                            source-address x.x.x.x;
                            destination-address any;
                            application [ junos-http junos-https ];
                        }
                        then {
                            permit;
                        }
                    }
                }
            }
        }
    }
}
apply-groups "${node}";
Similarly, I have a few more policies from different specific zones to Global.
My question is whether I have migrated this part correctly or not. If this is
not correct, kindly let me know the correct way to configure this similar to
the Netscreen policy.
Regards,
Muhammad Atif Jauhar
(+966-56-00-04-985)
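
The migration discussed in this thread, as an added example that is not part of either message: a small Python translator that turns ScreenOS zone-to-Global policy lines (including the `set service` sub-context) into Junos global-policy `set` commands and carries the `log` keyword across. Assumptions: the target Junos release accepts `from-zone` as a global-policy match condition, the `screenos-<id>` policy name and the `Srv-Net` address entry are hypothetical, and `session-close` is the logging point chosen here.

```python
import re

# HTTP/HTTPS mapping is the one used in the thread; anything else must be added explicitly.
SERVICE_MAP = {"HTTP": "junos-http", "HTTPS": "junos-https"}
ADDRESS_MAP = {"Any": "any", "Any-IPv4": "any"}

HEADER = re.compile(r'set policy id (\d+) from "([^"]+)" to "Global" '
                    r'"([^"]+)" "([^"]+)" "([^"]+)" (permit|deny|reject)( log)?$')
CONTEXT = re.compile(r'set policy id (\d+)$')
SERVICE = re.compile(r'set service "([^"]+)"$')

# Constructed sample input; "Srv-Net" is a hypothetical address-book entry.
SAMPLE = '''set policy id 100 from "Trust" to "Global" "Srv-Net" "Any-IPv4" "HTTP" permit log
set policy id 100
set service "HTTPS"
exit'''.splitlines()


def to_global_policy(lines):
    """Return Junos 'set' commands for each ScreenOS zone-to-Global policy."""
    policies, current = {}, None
    for line in (l.strip() for l in lines):
        if m := HEADER.match(line):
            zone, src, dst, svc, action, log = m.groups()[1:]
            policies[m.group(1)] = {"zone": zone, "src": src, "dst": dst,
                                    "svcs": [svc], "action": action, "log": bool(log)}
        elif m := CONTEXT.match(line):
            current = m.group(1)          # entering the per-policy sub-context
        elif line == "exit":
            current = None
        elif (m := SERVICE.match(line)) and current in policies:
            policies[current]["svcs"].append(m.group(1))
    out = []
    for pid, p in policies.items():
        unknown = [s for s in p["svcs"] if s not in SERVICE_MAP]
        if unknown:                       # fail closed rather than guess a mapping
            raise ValueError(f"policy {pid}: unmapped service(s) {unknown}")
        base = f"set security policies global policy screenos-{pid}"  # hypothetical name
        out.append(f"{base} match from-zone {p['zone']}")
        # Address names pass through; they must exist in the Junos global address book.
        out.append(f"{base} match source-address {ADDRESS_MAP.get(p['src'], p['src'])}")
        out.append(f"{base} match destination-address {ADDRESS_MAP.get(p['dst'], p['dst'])}")
        for s in p["svcs"]:
            out.append(f"{base} match application {SERVICE_MAP[s]}")
        out.append(f"{base} then {p['action']}")
        if p["log"]:                      # keep logging; session-close is a choice made here
            out.append(f"{base} then log session-close")
    return out
```

Calling `to_global_policy(SAMPLE)` returns the command list; a service with no entry in `SERVICE_MAP` raises `ValueError` instead of emitting a policy with a guessed application.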