Junos OS

hello guys, is this a valid config to create zone and address set?

Thank you.

-----------------------------------------

set interfaces ge-0/0/1 unit 0 family inet address 192.168.2.1/24

set security zones security-zone D_DMZ_Zone

set security zones security-zone D_DMZ_Zone interfaces ge-0/0/1.1

set security address-book D_DMZ_Zone address-set D_DMZ_LAN address 192.168.2.0/24

set security address-book D_DMZ_Zone address-set Web1_DMZ address 192.168.2.47/32

set security address-book D_DMZ_Zone address-set Web2_DMZ address 192.168.2.48/32

http://www.juniper.net/documentation/en_US/junos11.4/topics/example/zone-address-book-configuring-cli.html

Thanks, Suresh.

Hello,

A small correction:

set security zones security-zone D_DMZ_Zone interfaces ge-0/0/1.0 <-------- Here

Other commands are correct.

You will also need to specify host-inbound-traffic (for to the box traffic)

root# set security zones security-zone D_DMZ_Zone host-inbound-traffic system-services all
root# set security zones security-zone D_DMZ_Zone host-inbound-traffic protocols all

Instead of 'all' you can put specific options as well.

Regards,

Rushi

Hi Rushi,

For ge-0/0/1.0 cannot specify other number except "0"?

Thanks for pointing out about the inbound traffic, appreciate  your help.

Thank you.

Hello,

You can specify number other than '0'. But for that you need to configure interfaces with non zero unit as below:

e.g. 1) If you have:

ge-0/0/0 {
    unit 0 { <--------------- Here
        family inet {
            address 10.204.8.199/24;
        }
    }
}

then it is ge-0/0/0.0

2) if you have:

ge-0/0/0 {
    unit 1 {    <------------ Here
        family inet {
            address 10.204.8.199/24;
        }
    }
}

then it is ge-0/0/0.1

Regards,

Rushi

Wow Rushi, thanks for pointing out that one.

Thank you very much.