Expand all | Collapse all

Add a range of interfaces to a zone

Jump to Best Answer
  • 1.  Add a range of interfaces to a zone

    Posted 01-31-2021 18:34

    Imagine that I have 10 interfaces that I want to add to the trust zone.
    Is there a simple way to do this, or do I have to add each interface one at a time?
    In particular, I'm thinking about the CLI.

    Is there any way we can define an interface range and use that?


  • 2.  RE: Add a range of interfaces to a zone
    Best Answer

    Posted 02-01-2021 06:02
    Just a reminder that you only need to add the layer 3 configured interfaces to the zone if you are operating the SRX in the default layer 3 mode.  So if these are a bunch of layer 2 interfaces there is no need to do this.

    Junos does have an interface range function, but this is not enabled at the security zones area as you likely noticed.

    You main tool for this type of short cut is the groups with apply-groups.  In a group you can setup a basic match criteria for any text at all. 
    So in this case you create a match range at interfaces for your multiple items with wild cards.

    Then at the specific zone you use the apply-groups to pull in the matches to that part of the config.

    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)

  • 3.  RE: Add a range of interfaces to a zone

    Posted 02-01-2021 23:04
    You're right, my interface count was higher than necessary as I was counting L2 interfaces. I just wasn't thinking.

    I didn't think about apply-groups, but that's probably overkill for me now.

    Thanks for your help!