SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Global address book

    Posted 12-22-2020 08:06

    Hello all,

    I'm trying to configure an address book under global addresses. After adding a few address entries, when I try to use them in security policies, those addresses never show in the options; it only shows any-ipv4 and any-ipv6.

    Any pointers on what I am missing to do first?

    I've followed this KB and don't seem to have missed any config part.

    Thanks in advance.

    Configuring Address Book Objects with J-WEB




  • 2.  RE: Global address book

    Posted 01-02-2021 22:01
    I believe that policies are referenced by zones and vice versa; however, the zones are where you need to use address book entries. Placing an entry in the global address book makes it global. So, the local address book is the place to get addresses for the zone. I don't think that policies are very configurable on SRX/some Junos. Better check, but that's my take. I believe there is a way to use zones in a different way though. Attaching a zone to the local address book makes it internet and internal capable.

    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)


  • 3.  RE: Global address book

    Posted 01-03-2021 10:56
    To expand on what Adrian has pointed out, Global is a zone too just like your other created zones but it is the zone that applies if NONE of your other zones are part of the flow.

    So when you create a policy from-zone to-zone the address book entries available are those you created under that particular zone.

    Thus the policy that will use global address objects is one where the global zone is in use for at least one direction.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 4.  RE: Global address book

    Posted 01-03-2021 13:57
    I have not tried using jweb, but if you add an entry in the global address book, that entry should be available as matching criteria when you define a policy as you are expecting. I know that if you create an address book under the zone you are referencing in your policy then you don't see the entries under the global address book anymore:
     
    though you are saying you don't see anything but any, any-ipv4, and any-ipv6, correct? 

    Check if there is any other address book anyways. I am going to try to connect via jweb to my srx and see how it behaves. 

    Regards, 


  • 5.  RE: Global address book

    Posted 01-04-2021 01:14
    Thanks all for your response & a very happy new year!

    As per Yasmin, that's how I was able to use it through the CLI. Under the CLI I get to see all the entries and am able to reference them while creating a policy from non-global zones.

    So, is it safe to assume the Web GUI might be having a bug with this release?

    root@srx320-poe-01# run show version
    node0:
    --------------------------------------------------------------------------
    Hostname: srx320-poe-01
    Model: srx320-poe
    Junos: 19.4R2.6
    JUNOS Software Release [19.4R2.6]

    node1:
    --------------------------------------------------------------------------
    Hostname: srx320-poe-02
    Model: srx320-poe
    Junos: 19.4R2.6
    JUNOS Software Release [19.4R2.6]

    Thanks again for your support :)
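
The CLI route described in the last two posts, as an added example that is not from any poster in the thread: a global address book entry referenced from a policy between two ordinary zones. The entry names, zone names (`trust`, `untrust`) and the address are constructed placeholders.

```junos
# Constructed example: names, zones and the address are placeholders.
# Configuration mode: define an entry and an address set in the global address book.
set security address-book global address WEB-SRV 192.0.2.10/32
set security address-book global address-set WEB-SERVERS address WEB-SRV

# Reference the global entry from a policy between two non-global zones.
set security policies from-zone untrust to-zone trust policy ALLOW-WEB match source-address any
set security policies from-zone untrust to-zone trust policy ALLOW-WEB match destination-address WEB-SERVERS
set security policies from-zone untrust to-zone trust policy ALLOW-WEB match application junos-https
set security policies from-zone untrust to-zone trust policy ALLOW-WEB then permit

# Review every address book in the candidate configuration, including any
# book attached to a zone (the check suggested earlier in the thread).
show security address-book

# Validate that the policy's address references resolve before committing.
commit check
```

If `commit check` passes, the global entry was resolved for the policy, which separates a configuration problem from a display problem in the web interface.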