SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Address books SRX

    Posted 01-31-2020 06:46

    Hello,

     

    I'm trying to create an address-book with admin's IP addresses from different subnets/vlan, but with problems..

     

    root@SRX2# show security address-book admins 
address admin-cable 192.168.3.10/32;
address admin-wifi 192.168.4.10/32;

root@SRX2# show security policies from-zone mobile to-zone managment policy permit-admins          
match {
    source-address admins;
    destination-address any;
    application any;
}
then {
    permit;
}


root@SRX2# commit 


[edit security policies from-zone mobile to-zone managment]
  'policy permit-admins'
    Source address or address_set (admins) not found.
error: configuration check-out failed

    The address-book has not be found when commiting. How to create such address-book?



  • 2.  RE: Address books SRX

     
    Posted 01-31-2020 09:22

    Hi Gabriel,

     

    Greetings, Is this particular address book Attached to a zone? 

     

    for example:

     

    Attach the address book to a security zone.

    content_copyzoom_out_map
    [edit security address-book Eng-dept]
    user@host# set attach zone trust
     
    Source: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-address-books-sets.html
     

     

    Regards,
    Lil Dexx JNCIE-ENT#863

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

     

     


  • 3.  RE: Address books SRX
    Best Answer

    Posted 02-01-2020 06:14

    Typically you will create the address and address-set objects under the zone hierarchy.  

    The top level is for the global zone.

     

    set security zones security-zone trust address-book address admin-cable 192.168.3.10/32

    set security zones security-zone trust address-book address-set address permit-admins address admin-cable