Junos Space Developer

Security zones management via Junos Space

‎02-06-2013 07:09 AM

Hi,

Can anyone tell me how to manage security zones on SRXs via Junos Space?

I can't find anything like: Zone X = interface a,b,c...; Zone Y = interface d,e,f...

Do I always have to configure zones on the SRX first?

Thanks for the info.

M.

MV.

Re: Security zones management via Junos Space

‎02-08-2013 06:33 AM

The only way that I know of to do this within Space is to edit the device's configuration, and drill down in the tree and create the zones and add in the interface(s).

"Devices > Device Management"; Right-click on the device and select "Device Configuration > Modify Device Configuration"

Or, like you said, you can just do it via the CLI.


I think that there are plans to add this feature within Space, at some point.

Scott Ware
Security Engineer
Juniper Ambassador
Twitter: @scottdware
Skype: scottdware
scottdware@gmail.com

"Do. Or do not. There is no try." - Yoda

Re: Security zones management via Junos Space

‎05-21-2013 03:50 PM

The other option would be device templates, which is probably easier.


Re: Security zones management via Junos Space

‎06-11-2013 04:46 AM
I think this is a feature that we might see in the future. Only makes sense, with the way that they are going with Space.
Scott Ware

Re: Security zones management via Junos Space

‎06-04-2015 04:42 AM

Is this something that has to be done through a template in "network management platform" if you don't want to do it manually on each device?


Re: Security zones management via Junos Space

‎06-05-2015 09:09 AM

Hi,

If Security Director is installed in Junos Space, then this provides some management of Zones, as shown in the following links. This functionality is then made available from within Junos Space when selecting a root device or lsys and then selecting Device Configuration | Modify Configuration.

http://www.juniper.net/techpubs/en_US/junos-space14.1/topics/task/operational/junos-space-security-d...

http://www.juniper.net/techpubs/en_US/junos-space14.1/topics/task/operational/junos-space-security-d...

If Security Director isn't an option (although highly recommended if you are managing SRX within Junos Space), then some similar (albeit limited) functionality could be implemented via the use of Device Templates, CLI Configlets, or via SLAX scripts.

For some projects that I've worked on, the functionality via Security Director is best; however, sometimes only a generic one-size-fits-all approach is required, and in those circumstances CLI configlets can be implemented to perform that basic configuration that can then be expanded upon. For example, a CLI Configlet could prompt the user to enter a Zone name and appropriate VLAN, and then that can drive the final configuration to the selected device.

        security {
            zones {
                security-zone T-${tenantName} {
                    screen SN-GLOBAL;
                    host-inbound-traffic {
                        system-services {
                            ping;
                            traceroute;
                        }
                        protocols {
                            bgp;
                            bfd;
                            pim;
                            igmp;
                        }
                    }
                    interfaces {
                        reth0.${interco-vlan-to-SRX};
                    }
                }
            }
        }

Regards,

Andy
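
One way to validate the two prompted values before they are substituted into a zone stanza like the one in the last reply, so that a typed value cannot close the stanza and append other configuration. This is an added example, not code from the thread or from Juniper: Python's `string.Template` stands in for the substitution Junos Space performs, and the names `render_zone`, `tenant_name` and `interco_vlan`, the allowed tenant-name characters and the 61-character limit are assumptions.

```python
import re
from string import Template

# Constructed copy of the configlet body from the thread; parameters are renamed
# because string.Template does not accept hyphens in placeholder names.
ZONE_TEMPLATE = Template("""\
security {
    zones {
        security-zone T-${tenant_name} {
            screen SN-GLOBAL;
            host-inbound-traffic {
                system-services {
                    ping;
                    traceroute;
                }
                protocols {
                    bgp;
                    bfd;
                    pim;
                    igmp;
                }
            }
            interfaces {
                reth0.${interco_vlan};
            }
        }
    }
}
""")

# Assumption: tenant names use only letters, digits, '_' and '-', at most 61
# characters, so no whitespace, ';', '{' or '}' can reach the rendered config.
TENANT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,60}")

def render_zone(tenant_name, interco_vlan):
    """Return the zone stanza, or raise ValueError on unsafe input."""
    if not isinstance(tenant_name, str) or not TENANT_RE.fullmatch(tenant_name):
        raise ValueError(f"invalid tenant name: {tenant_name!r}")
    try:
        vlan = int(str(interco_vlan), 10)
    except ValueError:
        raise ValueError(f"VLAN is not a number: {interco_vlan!r}") from None
    if not 1 <= vlan <= 4094:  # valid 802.1Q VLAN IDs
        raise ValueError(f"VLAN out of range: {vlan}")
    # Substitute the parsed integer, never the raw string the user typed.
    return ZONE_TEMPLATE.substitute(tenant_name=tenant_name, interco_vlan=vlan)

if __name__ == "__main__":
    print(render_zone("ACME", "120"))
```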