Working on configuring my first SRX100. I come from a Cisco background, and I am having a little trouble figuring this out. I have a new Zone created named Data. The Data Zone will have one server on it. I would like all services allowed on the Data Zone except RDP to that server. So I created a new application named MSFT_RDP with TCP 3389. I then created two new Policies for that Zone; they are listed below. I can still RDP even with the policy applied. Any help would be greatly appreciated.
Aaron
from-zone Data to-zone Data {
    policy Data_To_Server_RDP_Deny {
        match {
            source-address any;
            destination-address CPARK_SERVER;
            application MSFT_RDP;
        }
        then {
            deny;
        }
    }
    policy DATA_TO_DATA_PERMIT {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit;
        }
    }
}