Hi,
I have configured a security policy that works as I expect it to by denying ping to the RADIUS server from anywhere other than one particular interface.
I also need to set the said policy with access to UDP 1812, 1813 and 1814. I utilised Juniper documentation to create this and apply it to a policy, but it is not working.
Here is the configuration I configured:
set applications application RADIUS term radius protocol udp
set applications application RADIUS term radius source-port 1812-1814
set applications application RADIUS term radius destination-port 1812-1814
I then applied that to the policies as shown below:
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match source-address thw-lns-01
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match destination-address thw-radius-01
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match application junos-ntp
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match application junos-pingv6
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match application junos-ping
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve match application RADIUS
set security policies from-zone Customer-Network to-zone NineGroup-DMZ policy Steve then permit
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match source-address thw-radius-01
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match destination-address thw-lns-01
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match application junos-ntp
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match application junos-pingv6
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match application junos-ping
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 match application RADIUS
set security policies from-zone NineGroup-DMZ to-zone Customer-Network policy Steve1 then permit
set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match source-address any
set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match destination-address any
set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match application any
set security policies from-zone Customer-Network to-zone Customer-Network policy Steve then permit
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match source-address thw-lns-01
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match destination-address thw-radius-01
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match application junos-ntp
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match application junos-pingv6
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match application junos-ping
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 match application RADIUS
set security policies from-zone NineGroup-DMZ to-zone NineGroup-DMZ policy Steve1 then permit
Am I configuring this correctly, please?
Thanks
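
An added example, not part of the original post: a simplified Python model of how the RADIUS application term above would be evaluated, assuming every match condition inside one term must hold at the same time. The helper names and the sample flows are constructed for illustration.

```python
import re

# The three application lines from the post, verbatim.
CONFIG = """\
set applications application RADIUS term radius protocol udp
set applications application RADIUS term radius source-port 1812-1814
set applications application RADIUS term radius destination-port 1812-1814
"""

def parse_terms(config):
    """Return {(application, term): {field: value}} from 'set applications' lines."""
    terms = {}
    pat = re.compile(r"set applications application (\S+) term (\S+) (\S+) (\S+)")
    for line in config.splitlines():
        m = pat.fullmatch(line.strip())
        if m:
            app, term, field, value = m.groups()
            terms.setdefault((app, term), {})[field] = value
    return terms

def in_range(port, spec):
    """True if port falls inside a 'N' or 'N-M' port specification."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def term_matches(term, proto, sport, dport):
    """Assumption: all fields present in a term are ANDed; absent fields match anything."""
    return (term.get("protocol", proto) == proto
            and in_range(sport, term.get("source-port", "0-65535"))
            and in_range(dport, term.get("destination-port", "0-65535")))

def app_matches(terms, app, proto, sport, dport):
    """An application matches a flow when any one of its terms matches."""
    return any(term_matches(t, proto, sport, dport)
               for (a, _), t in terms.items() if a == app)

# Constructed sample flows: (description, protocol, source port, destination port).
FLOWS = [
    ("request from an ephemeral source port", "udp", 49152, 1812),
    ("request sent from source port 1812", "udp", 1812, 1812),
    ("TCP connection to port 1812", "tcp", 49152, 1812),
]

if __name__ == "__main__":
    terms = parse_terms(CONFIG)
    for desc, proto, sport, dport in FLOWS:
        hit = app_matches(terms, "RADIUS", proto, sport, dport)
        print(f"{desc:40} matches RADIUS: {hit}")
```

Under this model, the term as written only matches flows whose source port is also in 1812-1814, so comparing it with the source ports seen in the device's session or flow logs shows whether the source-port line is what blocks the traffic.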