Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Address ranges for src to policies

    Posted 08-29-2009 20:03

    I have one interface that the address range is divided between 2 user groups, each needing different egress rules.

     

    The manual talks about being able to set up rules by range of addresses, but the GUI only seems to support CIDR-style address ranges.  In theory, I MIGHT be able to use this as the address space is effectively divided in half, but then there are systems on what would be the broadcast address of one CIDR range and the network address of the other, so it does not seem that a CIDR-style address range is what I should use.

     

    How DO I set up an address range to use in the src part of a policy?

     

     



  • 2.  RE: Address ranges for src to policies
    Best Answer

    Posted 08-31-2009 03:03

    Hi,

     

    It doesn't matter that the address matches a network or broadcast address entry from the CIDR network that you are using in a policy. It still matches that entry with the CIDR network. Those are not routing entries that you are doing, those are security policies, in here you don't care for the network or broadcast address.

     

    There is no way do define a range of IP address. What you can do is you can create a group of many CIDR addresses networks.

     

    regards,

    /m



  • 3.  RE: Address ranges for src to policies

    Posted 08-31-2009 05:09

    Got it.

     

    Thanks!