Screen OS

  • 1.  block ip zone to zone

    Posted 12-07-2011 22:59

    Hi,

    I want to create 2 policies with different names, because I have 2 zones: 1. is trust and another is DMZ.

    11.11.11.1, 11.11.11.2: these two IPs are in the trust zone.

    12.12.12.1, 12.12.12.2, 12.12.12.3: these IPs are in the DMZ zone.

    I want to configure it the following way:

    11.11.11.1 will get 12.12.12.1 & 12.12.12.2

    11.11.11.2 will get 12.12.12.3

    Can anyone help me?

    Thanks

    Maung



  • 2.  RE: block ip zone to zone
    Best Answer

    Posted 12-08-2011 11:55

    From CLI,
    define the addresses:
    set address trust 11.11.11.1 11.11.11.1 255.255.255.255
    set address trust 11.11.11.2 11.11.11.2 255.255.255.255
    set address DMZ 12.12.12.1 12.12.12.1 255.255.255.255
    set address DMZ 12.12.12.2 12.12.12.2 255.255.255.255
    set address DMZ 12.12.12.3 12.12.12.3 255.255.255.255


    configure the rules:

    set policy top from dmz to trust any any any deny

    set policy top from trust to dmz any any any deny -> if you do not already have deny rules...

    set policy id 100 top from trust to dmz 11.11.11.1 12.12.12.1 any permit
    set policy id 100
    set dst-address 12.12.12.2
    exit
    set policy id 101 top from trust to dmz 11.11.11.2 12.12.12.3 any permit
    save

    HTH!

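    The answer works because of two ScreenOS behaviours that are easy to get wrong: policies are evaluated top-down with first match, and `set policy top` inserts the new rule above everything already in the list, so the two catch-all deny rules must be typed before the permits or they will shadow them. The following Python model is an added example, not ScreenOS code and not from the original post: it parses the exact `set address` / `set policy` lines above, keeps the ordered policy list the way `top` builds it, and resolves each trust/DMZ pair by first match with the implicit inter-zone deny ScreenOS applies when nothing matches. It assumes zone names compare case-insensitively (`dmz` vs `DMZ`) and ignores services, since every rule in the thread uses `any`.

```python
"""Offline model of the ScreenOS first-match policy lookup (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed copy of the CLI posted in the answer above.
ANSWER_CONFIG = """
set address trust 11.11.11.1 11.11.11.1 255.255.255.255
set address trust 11.11.11.2 11.11.11.2 255.255.255.255
set address DMZ 12.12.12.1 12.12.12.1 255.255.255.255
set address DMZ 12.12.12.2 12.12.12.2 255.255.255.255
set address DMZ 12.12.12.3 12.12.12.3 255.255.255.255
set policy top from dmz to trust any any any deny
set policy top from trust to dmz any any any deny
set policy id 100 top from trust to dmz 11.11.11.1 12.12.12.1 any permit
set policy id 100
set dst-address 12.12.12.2
exit
set policy id 101 top from trust to dmz 11.11.11.2 12.12.12.3 any permit
save
"""

# Same rules typed in the wrong order (constructed to show the pitfall): the
# catch-all trust->dmz deny is pushed to the top AFTER the permits.
_DENY_TRUST_TO_DMZ = "set policy top from trust to dmz any any any deny\n"
DENY_LAST_CONFIG = ANSWER_CONFIG.replace(_DENY_TRUST_TO_DMZ, "").replace(
    "save\n", _DENY_TRUST_TO_DMZ + "save\n")

TRUST_HOSTS = ["11.11.11.1", "11.11.11.2"]
DMZ_HOSTS = ["12.12.12.1", "12.12.12.2", "12.12.12.3"]


@dataclass
class Policy:
    pid: int
    src_zone: str
    dst_zone: str
    src: list        # address-book names, or "any"
    dst: list
    action: str


class PolicySim:
    ADDRESS_RE = re.compile(r"set address (\S+) (\S+) (\S+) (\S+)$")
    POLICY_RE = re.compile(
        r"set policy(?: id (\d+))?( top)? from (\S+) to (\S+) (\S+) (\S+) (\S+) (permit|deny)$")

    def __init__(self):
        self.addresses = {}   # (zone, name) -> IPv4Network
        self.policies = []    # index 0 is the top of the list
        self._ctx = None      # policy opened by `set policy id N`
        self._next_id = 1     # hypothetical auto-id counter for rules typed without `id`

    def load(self, config):
        for raw in config.splitlines():
            line = raw.strip()
            if line and line != "save":
                self._exec(line)
        return self

    def _alloc_id(self):
        used = {p.pid for p in self.policies}
        while self._next_id in used:
            self._next_id += 1
        pid, self._next_id = self._next_id, self._next_id + 1
        return pid

    def _exec(self, line):
        m = self.ADDRESS_RE.match(line)
        if m:
            zone, name, ip, mask = m.groups()
            self.addresses[(zone.lower(), name)] = ipaddress.IPv4Network(f"{ip}/{mask}")
            return
        m = self.POLICY_RE.match(line)
        if m:
            pid, top, sz, dz, src, dst, _svc, action = m.groups()
            pol = Policy(int(pid) if pid else self._alloc_id(),
                         sz.lower(), dz.lower(), [src], [dst], action)
            if top:                       # `top` inserts above every existing rule
                self.policies.insert(0, pol)
            else:
                self.policies.append(pol)
            return
        m = re.match(r"set policy id (\d+)$", line)
        if m:                             # enter policy context to add addresses
            self._ctx = next(p for p in self.policies if p.pid == int(m.group(1)))
            return
        m = re.match(r"set (src|dst)-address (\S+)$", line)
        if m and self._ctx is not None:
            getattr(self._ctx, m.group(1)).append(m.group(2))
            return
        if line == "exit":
            self._ctx = None
            return
        raise ValueError(f"unsupported line: {line}")

    def _matches(self, zone, names, ip):
        for name in names:
            if name.lower() == "any":
                return True
            net = self.addresses.get((zone, name))
            if net is not None and ip in net:
                return True
        return False

    def lookup(self, src_zone, dst_zone, src_ip, dst_ip):
        """First-match lookup -> (action, policy id); no match is an implicit deny."""
        s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
        for p in self.policies:
            if ((p.src_zone, p.dst_zone) == (src_zone.lower(), dst_zone.lower())
                    and self._matches(p.src_zone, p.src, s)
                    and self._matches(p.dst_zone, p.dst, d)):
                return p.action, p.pid
        return "deny", None


def access_matrix(config):
    """Resolve every trust->dmz host pair from the question against a config."""
    sim = PolicySim().load(config)
    return {(s, d): sim.lookup("trust", "dmz", s, d)[0]
            for s in TRUST_HOSTS for d in DMZ_HOSTS}


if __name__ == "__main__":
    for label, cfg in (("answer order", ANSWER_CONFIG), ("deny added last", DENY_LAST_CONFIG)):
        print(label)
        for pair, action in access_matrix(cfg).items():
            print(f"  {pair[0]} -> {pair[1]}: {action}")
```

    Running it shows the intended matrix for the answer's order (11.11.11.1 reaches 12.12.12.1 and .2 only, 11.11.11.2 reaches 12.12.12.3 only, everything else denied) and an all-deny matrix when the catch-all deny is added with `top` after the permits. On the box, `get policy from trust to dmz` lists the rules in evaluation order so you can confirm the permits sit above the deny.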

  • 3.  RE: block ip zone to zone

    Posted 12-10-2011 23:42

    Thanks a lot