SRX


Security policies between zones question

  • 1.  Security policies between zones question

    Posted 08-24-2019 07:23

    When applying security policies from-zone A to-zone B with match application any parameter, does it mean that
    ftp, ssh, telnet, HTTP and the rest are instantly allowed for the traffic going between these zones?
    What exactly is covered under application any scope?

     

    Thank you



  • 2.  RE: Security policies between zones question

    Posted 08-24-2019 07:53

    Hi Isabella,

     

    When you configure a security policy with "application any", all predefined or custom applications or application sets are included. However, custom ports have to be explicitly defined under the application hierarchy. For more information, please check the technical documentation - https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-application-security-policies.html

     

    List of well-known ports - https://tools.ietf.org/html/rfc1340#page-9

    How to create and use a custom application on SRX and J Series devices- https://kb.juniper.net/InfoCenter/index?page=content&id=KB13365



  • 3.  RE: Security policies between zones question
    Best Answer

     
    Posted 08-24-2019 17:20

    Isabella,

     

    When applying security policies from-zone A to-zone B with match application any parameter, does it mean that
    ftp, ssh, telnet, HTTP and the rest are instantly allowed for the traffic going between these zones?

     

    R/ Yes

     

    What exactly is covered under application any scope?

     

    R/ Junos has predefined applications like junos-ssh, junos-telnet, etc. When you use the any option all these predefined applications are included. You can see the predefined apps with the following command:

     

    # show configuration groups junos-defaults applications

     

    Also, if you have configured custom applications and these use well-known ports, those apps will be included under the application any option as well. See the following link for Understanding Custom Applications:

     

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-policy-custom-applications.html

     

    I hope this helps you 😉

     

     

     


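A worked configuration, added here as an illustration; it is not from the original thread or from Juniper. The zone names (trust, untrust), the address ADMIN-HOSTS covering 10.0.0.0/24, the custom application CUSTOM-TCP-8443 and the policy names are assumptions. The first policy is the broad `application any` rule the question asks about: on Junos it matches traffic on any protocol and port, so ssh, telnet, ftp, HTTP and everything else between the two zones is permitted, and the predefined junos-* entries only decide which ALG and inactivity timeout a matching session gets. The second policy is the tighter form a practitioner would normally prefer: only the predefined applications that are needed, one custom application for a port the predefined set does not cover, a source restriction, and session logging. The operational commands at the end verify which rule a specific flow would hit.

```junos
# Added example, not from the original thread. Zones, addresses,
# application names and policy names are assumptions.

# --- Broad rule: "application any" matches every protocol and port between
# --- the two zones, so ftp/ssh/telnet/http and anything else is permitted.
set security policies from-zone trust to-zone untrust policy allow-any match source-address any
set security policies from-zone trust to-zone untrust policy allow-any match destination-address any
set security policies from-zone trust to-zone untrust policy allow-any match application any
set security policies from-zone trust to-zone untrust policy allow-any then permit

# --- Tighter alternative: name the applications explicitly.
# Predefined applications (junos-ssh, junos-https, ...) come from the
# junos-defaults group; a custom application is only needed for a port the
# predefined set does not cover, here TCP/8443.
set applications application CUSTOM-TCP-8443 protocol tcp destination-port 8443
set security address-book global address ADMIN-HOSTS 10.0.0.0/24

set security policies from-zone trust to-zone untrust policy allow-mgmt match source-address ADMIN-HOSTS
set security policies from-zone trust to-zone untrust policy allow-mgmt match destination-address any
set security policies from-zone trust to-zone untrust policy allow-mgmt match application junos-ssh
set security policies from-zone trust to-zone untrust policy allow-mgmt match application junos-https
set security policies from-zone trust to-zone untrust policy allow-mgmt match application CUSTOM-TCP-8443
set security policies from-zone trust to-zone untrust policy allow-mgmt then permit
set security policies from-zone trust to-zone untrust policy allow-mgmt then log session-init
set security policies from-zone trust to-zone untrust policy allow-mgmt then log session-close

# Policies in a zone pair are evaluated top-down; put the specific rule first
# and take the broad one out of service so the default deny applies to the rest.
insert security policies from-zone trust to-zone untrust policy allow-mgmt before policy allow-any
deactivate security policies from-zone trust to-zone untrust policy allow-any
commit check
commit comment "restrict trust->untrust to named applications"

# --- Verification, run from operational mode (prefix with "run" inside configure).
# What exactly a predefined application covers (protocol, ports, ALG, timeout):
show configuration groups junos-defaults applications application junos-ssh
# Ask the policy engine which rule a given 5-tuple would match:
show security match-policies from-zone trust to-zone untrust source-ip 10.0.0.5 destination-ip 192.0.2.10 source-port 40000 destination-port 22 protocol tcp
show security match-policies from-zone trust to-zone untrust source-ip 10.0.0.5 destination-ip 192.0.2.10 source-port 40000 destination-port 23 protocol tcp
# Resolved policy with its application list and hit counters:
show security policies from-zone trust to-zone untrust policy-name allow-mgmt detail
```

With allow-any deactivated, the first match-policies query (TCP/22 from an ADMIN-HOSTS address) should report allow-mgmt, while the second (TCP/23, telnet) should report no matching policy and therefore fall to the default deny; running the same two queries before the change shows both hitting allow-any, which is the practical answer to "what does application any cover".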

  • 4.  RE: Security policies between zones question

    Posted 08-26-2019 05:15

    noobmaster and mrojas, thank you BOTH for the suggested solutions!
    I appreciate the assistance!



  • 5.  RE: Security policies between zones question

    Posted 08-26-2019 05:38

    You're welcome Isabella