[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

CLI Configuration

  1. Configure zones.
    user@host# set security zones security-zone external_subscriber
    user@host# set security zones security-zone external_subscriber host-inbound-traffic system-services all
    user@host# set security zones security-zone external_subscriber host-inbound-traffic protocols all
    user@host# set security zones security-zone internal_ca
    user@host# set security zones security-zone internal_ca host-inbound-traffic system-services all
    user@host# set security zones security-zone internal_ca host-inbound-traffic protocols all
  2. Configure addresses.
    user@host# set security zones security-zone internal_ca address-book address ca_agent1 10.1.1.101/32
    user@host# set security zones security-zone external_subscriber address-book address SubscriberSubNet 2.2.2.1/24
  3. Configure interfaces.
    user@host# set security zones security-zone internal_ca interfaces ge-0/0/1
    user@host# set interfaces ge-0/0/1 unit 0 family inet address 2.2.2.1/24
    user@host# set security zones security-zone external_subscriber interfaces ge-0/0/0
    user@host# set interfaces ge-0/0/0 unit 0 family inet
  4. Configure internal-to-external zone policies.
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match source-address ca_agent1
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match destination-address SubscriberSubNet
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers match application junos-mgcp
    user@host# set security policies from-zone internal_ca to-zone external_subscriber policy Pol-CA-To-Subscribers then permit
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match source-address SubscriberSubNet
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match destination-address call_agent1
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA match application junos-mgcp
    user@host# set security policies from-zone external_subscriber to-zone internal_ca policy Pol-Subscribers-To-CA then permit
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match source-address any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match destination-address any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA match application any
    user@host# set security policies from-zone internal_ca to-zone internal_ca policy Pol-Intra-CA then permit
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match source-address any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match destination-address any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber match application any
    user@host# set security policies from-zone external_subscriber to-zone external_subscriber policy Pol-Intra-subscriber then permit
[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]