Table 9: Security Policy Configuration - Juniper Junos OS Getting Started Manual

Getting Started Guide for Branch SRX Series
Copyright © 2016, Juniper Networks, Inc.

Table 8: Address Books Configuration (continued)

Zones    Address Book    Server IP Address
Trust    PC-Trust        192.168.1.2/24

Create security policies as shown in Table 9 on page 34.

Table 9: Security Policy Configuration

Policy Name              From Zone    To Zone    Action
permit-mail-trust-DMZ    Trust        DMZ        Permit SMTP traffic
permit-http-in-DMZ       DMZ          DMZ        Permit HTTP traffic

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

delete interfaces ge-0/0/1 unit 0 family ethernet-switching
set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24
set security zones security-zone DMZ interfaces ge-0/0/1 host-inbound-traffic system-services all
set security zones security-zone DMZ address-book address Server-HTTP-1 192.168.2.2/24
set security zones security-zone DMZ address-book address Server-HTTP-2 192.168.2.3/24
set security zones security-zone DMZ address-book address Server-SMTP 192.168.2.4/24
set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-1
set security zones security-zone DMZ address-book address-set DMZ-address-set-http address Server-HTTP-2
set security zones security-zone trust address-book address PC-Trust 192.168.1.2/32
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match source-address PC-Trust
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match destination-address Server-SMTP
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match application junos-smtp
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ then permit
set security policies from-zone DMZ to-zone DMZ policy permit-http-in-DMZ match source-address DMZ-address-set-http
set security policies from-zone DMZ to-zone DMZ policy permit-http-in-DMZ match destination-address DMZ-address-set-http
set security policies from-zone DMZ to-zone DMZ policy permit-http-in-DMZ match application junos-http
set security policies from-zone DMZ to-zone DMZ policy permit-http-in-DMZ then permit
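A pre-commit review of the quick-configuration commands, as an added example that is not part of the Juniper guide: the script parses the set commands into policies and reports three things a reviewer would check before pasting them into a device: a zone interface that accepts all system services, address-book entries written with host bits under a prefix shorter than /32, and policies missing a match condition or action. The function name audit and the wording of the findings are assumptions of this example; the sample input is a constructed subset of the commands above.

```python
import ipaddress
import re

# Constructed sample: a subset of the page's set commands, each joined onto one line.
SAMPLE = """\
set security zones security-zone DMZ interfaces ge-0/0/1 host-inbound-traffic system-services all
set security zones security-zone DMZ address-book address Server-HTTP-1 192.168.2.2/24
set security zones security-zone DMZ address-book address Server-SMTP 192.168.2.4/24
set security zones security-zone trust address-book address PC-Trust 192.168.1.2/32
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match source-address PC-Trust
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match destination-address Server-SMTP
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ match application junos-smtp
set security policies from-zone trust to-zone DMZ policy permit-mail-trust-DMZ then permit
"""

HOST_INBOUND = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+) "
                          r"host-inbound-traffic system-services all$")
ADDRESS = re.compile(r"^set security zones security-zone (\S+) address-book address (\S+) (\S+)$")
POLICY = re.compile(r"^set security policies from-zone (\S+) to-zone (\S+) policy (\S+) "
                    r"(?:match (source-address|destination-address|application) (\S+)|then (\S+))$")

def audit(config_text):
    """Return (findings, policies) for a block of Junos set commands (hypothetical helper)."""
    findings, policies = [], {}
    for line in config_text.splitlines():
        line = " ".join(line.split())  # collapse stray whitespace left by copy and paste
        if m := HOST_INBOUND.match(line):
            findings.append(f"zone {m[1]} {m[2]}: host-inbound-traffic permits all system services")
        elif m := ADDRESS.match(line):
            iface = ipaddress.ip_interface(m[3])
            if iface.ip != iface.network.network_address:
                findings.append(f"address {m[2]} ({m[3]}): host bits set under /{iface.network.prefixlen}, "
                                f"confirm whether one host or {iface.network} is intended")
        elif m := POLICY.match(line):
            pol = policies.setdefault(m[3], {"from": m[1], "to": m[2]})
            if m[6]:
                pol["action"] = m[6]
            else:
                pol.setdefault(m[4], []).append(m[5])
    for name, pol in policies.items():
        for key in ("source-address", "destination-address", "application", "action"):
            if key not in pol:
                findings.append(f"policy {name}: missing {key}")
    return findings, policies

if __name__ == "__main__":
    for finding in audit(SAMPLE)[0]:
        print(finding)
```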
