SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Add a range of interfaces to a zone

    Posted 01-31-2021 18:34
    Hi,

    Imagine that I have 10 interfaces that I want to add to the trust zone.
    Is there a simple way to do this, or do I have to add each interface one at a time?
    In particular, I'm thinking about the CLI.

    Is there any way we can define an interface range and use that?


    Thanks


  • 2.  RE: Add a range of interfaces to a zone
    Best Answer

    Posted 02-01-2021 06:02
    Just a reminder that you only need to add the layer 3 configured interfaces to the zone if you are operating the SRX in the default layer 3 mode.  So if these are a bunch of layer 2 interfaces there is no need to do this.

    Junos does have an interface range function, but this is not enabled at the security zones area as you likely noticed.
    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/switches-interface-range.html

    You main tool for this type of short cut is the groups with apply-groups.  In a group you can setup a basic match criteria for any text at all. 
    So in this case you create a match range at interfaces for your multiple items with wild cards.

    Then at the specific zone you use the apply-groups to pull in the matches to that part of the config.
    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/configuration-groups-usage.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 3.  RE: Add a range of interfaces to a zone

    Posted 02-01-2021 23:04
    You're right, my interface count was higher than necessary as I was counting L2 interfaces. I just wasn't thinking.

    I didn't think about apply-groups, but that's probably overkill for me now.

    Thanks for your help!