SRX Services Gateway
Highlighted
SRX Services Gateway

is there a way to do a global policy and exclude a zone?

‎02-23-2012 04:29 PM

i have a need to allow a port from a zone to every other zone except  outside zone untrust. is there a way to do this with global policy and exclude untrust zone or some other way with groups etc...?

if anyone knows, please let me know..TIA

 

 

1 REPLY 1
Highlighted
SRX Services Gateway

Re: is there a way to do a global policy and exclude a zone?

‎02-24-2012 01:48 AM

You could do this with a global policy but you would need to specify the subnets/ips that traffic is allowed to and from in an address-set.

 

Have a read of the following Tech Doc.

 

http://www.juniper.net/techpubs/en_US/junos11.4/topics/example/security-policy-global-policy-configu...

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Feedback