cmdref.net - Cheat Sheet and Example

cmdref.net is command references/cheat sheets/examples for system engineers.

Junos Policy Configuration Examples

Show Policy

Operation                  Command
show zone                  > show security zones
                           # run show security zones
show policy                > show security policies
                           > show configuration security policies | display set
                           # show | display set | no-more | match policy
                           # run show security policies
                           # run show security policies from ZONE to ZONE
show default application   # show groups junos-defaults applications | match XXXX


Create Security Zone

root> configure
root# set security zones security-zone Trust interfaces reth0.0
root# set security zones security-zone Untrust interfaces reth1.0
root# show | compare
root# commit check
root# commit


Add Policy

create address-book and attach address-book to zone

# set security zones security-zone TRUST address-book address NW1 192.168.10.0/24
or
# set security address-book TRUST-NW address NW1 192.168.10.0/24
# set security address-book TRUST-NW attach zone TRUST
# set security zones security-zone untrust address-book address test-01 xx.xx.xx.xx/32
# set security zones security-zone untrust address-book address test-02 xx.xx.xx.xx/32
# set security zones security-zone untrust address-book address-set test address test-01
# set security zones security-zone untrust address-book address-set test address test-02

create application

# set applications application test9999 protocol tcp
# set applications application test9999 source-port 0-65535
# set applications application test9999 destination-port 9999

create policy

# set security zones security-zone DMZ address-book address test-server1 100.100.100.11/32

# set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
# set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
# set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http junos-https
# set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
# set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
# edit security policies from-zone UNTRUST to-zone TRUST
# set policy UNTRUST2TRUST match source-address any
# set policy UNTRUST2TRUST match destination-address NW1
# set policy UNTRUST2TRUST match application junos-https junos-http
# set policy UNTRUST2TRUST then permit
# set policy UNTRUST2TRUST then count
# show
# edit security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST
# set match source-address any
# set match destination-address NW1
# set match application junos-https junos-http
# set then permit
# set then count
# show
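Added example (not part of the cmdref.net page): a small Python audit of the `show configuration security policies | display set` output referenced above. It groups the set-style lines into per-policy match terms and actions, then flags permit policies that match any-to-any addresses, use application any, or lack `then log`. The sample output is constructed to mirror the policies built in this section.

```python
import re
from collections import defaultdict

# Constructed sample of "show configuration security policies | display set" output;
# the zones and policy names mirror the Add Policy section above.
SAMPLE_SET_OUTPUT = """\
set security policies from-zone untrust to-zone DMZ policy 030102013 match source-address any
set security policies from-zone untrust to-zone DMZ policy 030102013 match destination-address test-server1
set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-http
set security policies from-zone untrust to-zone DMZ policy 030102013 match application junos-https
set security policies from-zone untrust to-zone DMZ policy 030102013 then permit
set security policies from-zone untrust to-zone DMZ policy 030102013 then log session-init
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match source-address any
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match destination-address any
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST match application any
set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST2TRUST then permit
"""

POLICY_RE = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) (match|then) (.+)$")

def parse_policies(text):
    """Group set-format lines into {(from_zone, to_zone, name): {"match": {...}, "then": {...}}}."""
    policies = defaultdict(lambda: {"match": defaultdict(set), "then": {}})
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        frm, to, name, kind, rest = m.groups()
        words = rest.split()
        if kind == "match":   # "application junos-http" -> match["application"] = {"junos-http", ...}
            policies[(frm, to, name)]["match"][words[0]].update(words[1:])
        else:                 # "log session-init" -> then["log"] = ["session-init"]
            policies[(frm, to, name)]["then"][words[0]] = words[1:]
    return policies

def audit_policies(policies):
    """Return (key, reason) findings for permit policies that are overly broad or unlogged."""
    findings = []
    for key, p in sorted(policies.items()):
        if "permit" not in p["then"]:
            continue
        match = p["match"]
        if "any" in match["source-address"] and "any" in match["destination-address"]:
            findings.append((key, "permit any-to-any address match"))
        if "any" in match["application"]:
            findings.append((key, "permit with application any"))
        if "log" not in p["then"]:
            findings.append((key, "permit without then log"))
    return findings
```

Run `audit_policies(parse_policies(SAMPLE_SET_OUTPUT))` to list the findings; paste real `display set` output in place of the sample to audit a live configuration.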


Change Policy Order

# edit security policies from-zone untrust to-zone DMZ
# insert policy 10 before policy 6


Edit Policy

add smtp
# set security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-smtp

remove https
# delete security policies from-zone untrust to-zone DMZ policy 03102013 match application junos-https


Delete Policy

# delete security policies from-zone untrust to-zone DMZ policy 03102013


Active, Inactive Policy




hardware/junos/policy.html.txt · Last modified: 2019/06/06 by admin