
Time-range policy

‎09-08-2008 01:27 AM

Hello, all.

I want to use one policy during the time slot from a to b, and another policy during the time slot from b to c, like Cisco's 'time-range'. What's the likely command or method in JUNOS?

 

Best regards.

2 REPLIES 2

Re: Time-range policy

‎09-10-2008 12:51 AM

Hi there,

 

If you are using J-Series with JUNOS Enhanced Services, you can use the scheduler hierarchy to create time-of-day policies. E.g.:

 

 

schedulers {
    scheduler myTime {
        start-date 2008-09-09.13:00 stop-date 2008-09-13.01:00;
    }
}

...

security {
    policies {
        from-zone trust to-zone untrust {
            policy deny-all {
                match {
                    source-address any;
                    destination-address any;
                    /* a security policy must also match on an application */
                    application any;
                }
                then {
                    deny;
                }
                /* the policy is only active while the scheduler is active */
                scheduler-name myTime;
            }
        }
    }
}

 

If you are using "normal" JUNOS on J-Series, or M/T-Series then it is a bit more complicated.  You will need to use event scripting to trigger an external script to make whatever configuration changes you are trying to achieve.  Event scripting looks like this:

 

 

event-options {
    generate-event {
        triggerMyEvent time-of-day "17:10:00 +0000";
    }
    policy myPolicy {
        events triggerMyEvent;
        then {
            event-script myScript.xslt;
        }
    }
}

 

The event script itself is an XSLT or SLAX document with the configuration statements you wish to make.  If you download the JUNOS Configuration and Diagnostic Automation Guide, it has a complete description of how to write event scripts.

 

Hope this helps! 

 

Message Edited by dfex on 09-10-2008 05:53 PM
Message Edited by dfex on 09-10-2008 05:54 PM
Ben Dale
JNCIP-ENT, JNCIP-SP, JNCIP-DC, JNCIE-SEC #63
Juniper Ambassador
Follow me @labelswitcher

Re: Time-range policy

‎09-10-2008 02:12 AM
Thank you, dfex.

I have never used scripts, so can you give me some examples?
For a configuration like the one below:
> show configuration interfaces so-4/0/0
description A;
unit 0 {
    family inet {
        filter {
            output day;
        }
        address a;
    }
    family iso;
}
> show configuration firewall filter day
term 2 {
    from {
        destination-address {
            b;
        }
    }
    then accept;
}
term 3 {
    from {
        source-address {
            c;
        }
    }
    then routing-instance cqedu;
}

Can you tell me how to write a script?

Thanks a lot.
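
As an added illustration of the event-script approach described in the first reply (not code from the thread or from Juniper's guide), here is a SLAX event script that switches the output filter on so-4/0/0 unit 0 when a time-of-day event fires. The filter name `night` and the variable names are assumptions; a second time-of-day event running a copy with `day` would switch the filter back.

```slax
version 1.0;
ns junos = "http://xml.juniper.net/junos/*/junos";
ns xnm = "http://xml.juniper.net/xnm/1.1/xnm";
ns jcs = "http://xml.juniper.net/junos/commit-scripts/1.0";
import "../import/junos.xsl";
/* Assumed values: the interface is the one shown in the thread; "night" is a
 * hypothetical second firewall filter that must already be configured. */
var $ifd = "so-4/0/0";
var $new-filter = "night";

match / {
    <event-script-results> {
        var $con = jcs:open();
        /* Exclusive lock: never commit someone else's half-finished edits. */
        var $lock-rpc = <lock-configuration>;
        var $locked = jcs:execute($con, $lock-rpc);
        if ($locked/..//xnm:error) {
            expr jcs:syslog("external.error", "filter switch skipped: configuration is locked");
        }
        else {
            /* Merge only the one leaf that changes: the output filter name. */
            var $load-rpc = <load-configuration action="merge"> {
                <configuration> { <interfaces> { <interface> {
                    <name> $ifd;
                    <unit> {
                        <name> "0";
                        <family> { <inet> { <filter> { <output> {
                            <filter-name> $new-filter;
                        } } } }
                    }
                } } }
            }
            var $loaded = jcs:execute($con, $load-rpc);
            if ($loaded/..//xnm:error) {
                expr jcs:syslog("external.error", "filter switch failed: load error");
            }
            else {
                var $commit-rpc = <commit-configuration> { <log> "time-of-day filter switch"; }
                var $committed = jcs:execute($con, $commit-rpc);
                if ($committed/..//xnm:error) {
                    expr jcs:syslog("external.error", "filter switch failed: commit error");
                }
            }
            var $unlock-rpc = <unlock-configuration>;
            var $unlocked = jcs:execute($con, $unlock-rpc);
        }
        expr jcs:close($con);
    }
}
```

Because the script commits configuration unattended, failures are written to syslog rather than silently ignored, so a missed filter switch can be detected from the logs.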