Hello, JJJCR.
You have mentioned security zones, so I assume this is a SRX devices? Would you please provide a copy of your existing security policies so that we can appropriately make recommendations? The following commands will generate the desired output.
From operational mode: show configuration security
From configuration mode: show security
Please reply back with the output. Thanks.
P.S. If you're using the default policy, I've provided the necessary configuration below.
set security policies from-zone trust to-zone untrust policy deny-smb match source-address any destination-address any application junos-smb
set security policies from-zone trust to-zone untrust policy deny-smb then deny
set security policies from-zone trust to-zone untrust policy deny-smb then count
set security policies from-zone trust to-zone untrust policy deny-netbios match source-address any destination-address any application junos-nbds
set security policies from-zone trust to-zone untrust policy deny-netbios then deny
set security policies from-zone trust to-zone untrust policy deny-netbios then count
insert security policies from-zone trust to-zone untrust policy deny-smb before policy default-permit
insert security policies from-zone trust to-zone untrust policy deny-netbios before policy default-permit
Also, if you're interested, I identified the appropriate applications by running the following commands.
synackray@lab1>show configuration groups junos-defaults applications application junos-smb
term t1 protocol tcp destination-port 139;
term t2 protocol tcp destination-port 445;
synackray@lab1>show configuration groups junos-defaults applications application junos-nbds
term t1 protocol udp destination-port 138;