SRX Services Gateway

Security policies between zones question

a month ago

When applying security policies from-zone A to-zone B with match application any parameter, does it mean that ftp, ssh, telnet, HTTP and the rest are instantly allowed for the traffic going between these zones?
What exactly is covered under application any scope?

Thank you

4 REPLIES

Re: Security policies between zones question

a month ago

Hi Isabella,

When you configure a security policy with "application any", all predefined or custom applications or application sets are included. However, custom ports have to be explicitly defined under the application hierarchy. For more information, please check the technical documentation - https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-...

List of well-known ports - https://tools.ietf.org/html/rfc1340#page-9

How to create and use a custom application on SRX and J Series devices - https://kb.juniper.net/InfoCenter/index?page=content&id=KB13365



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Solution
Accepted by topic author IsabellaFletcher
4 weeks ago

Re: Security policies between zones question

a month ago

Isabella,

When applying security policies from-zone A to-zone B with match application any parameter, does it mean that ftp, ssh, telnet, HTTP and the rest are instantly allowed for the traffic going between these zones?

R/ Yes

What exactly is covered under application any scope?


R/ Junos has predefined applications like junos-ssh, junos-telnet, etc. When you use the any option, all these predefined applications are included. You can see the predefined apps with the following command:

# show configuration groups junos-defaults applications

Also, if you have configured custom applications and these use well-known ports, those apps will be included under the application any option as well. See the following link for Understanding Custom Applications:

https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-policy-custom-applicatio...

I hope this helps you

Please mark my answer as the Solution if it applies.
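
Added example, not part of any reply in this thread and not Juniper's own configuration: a zone-pair policy that matches application any, beside one restricted to named applications, in Junos set-command form. Zones A and B come from the question; the policy names, the application-set name and the custom TCP 8443 application are hypothetical.

```junos
# Constructed example. The two variants are alternatives for the same
# zone pair; do not load both, or the first policy would match everything
# before the narrower ones are evaluated.

# Variant 1: the broad form asked about in the question.
# Every application between zone A and zone B is matched and permitted.
set security policies from-zone A to-zone B policy permit-any match source-address any
set security policies from-zone A to-zone B policy permit-any match destination-address any
set security policies from-zone A to-zone B policy permit-any match application any
set security policies from-zone A to-zone B policy permit-any then permit

# Variant 2: only the listed applications are permitted.
# A custom application for a service on a non-standard port (hypothetical).
set applications application custom-tcp-8443 protocol tcp
set applications application custom-tcp-8443 destination-port 8443

# Group the predefined and custom applications that should pass.
set applications application-set A-to-B-allowed application junos-ssh
set applications application-set A-to-B-allowed application junos-http
set applications application-set A-to-B-allowed application custom-tcp-8443

set security policies from-zone A to-zone B policy permit-listed match source-address any
set security policies from-zone A to-zone B policy permit-listed match destination-address any
set security policies from-zone A to-zone B policy permit-listed match application A-to-B-allowed
set security policies from-zone A to-zone B policy permit-listed then permit

# Explicit final deny with logging, so dropped flows (for example
# junos-telnet or junos-ftp) are visible in the traffic log.
# session-init is used because denied traffic never reaches session close.
set security policies from-zone A to-zone B policy deny-rest match source-address any
set security policies from-zone A to-zone B policy deny-rest match destination-address any
set security policies from-zone A to-zone B policy deny-rest match application any
set security policies from-zone A to-zone B policy deny-rest then deny
set security policies from-zone A to-zone B policy deny-rest then log session-init
```

Policies within a zone pair are evaluated in order, so deny-rest has to stay last in Variant 2.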

Re: Security policies between zones question

4 weeks ago

noobmaster and mrojas, thank you BOTH for the suggested solutions!
I appreciate the assistance!


Re: Security policies between zones question

4 weeks ago

You're welcome Isabella



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!