Junos OS

Exclude 1 address from policy user-to-internet

  • 1.  Exclude 1 address from policy user-to-internet

    Posted 06-17-2021 02:59
    Hello, I have a policy for a user group (LOCAL-NET, which already includes the server BACKUP-SERVER) to the Internet with the application features skyatp, idp, utm.
    I need to exclude 1 address from this policy, but I need this address (BACKUP-SERVER 192.168.20.20/32) to still have Internet access from another policy without application features.

    set security zones security-zone trust address-book address DATA-NET 192.168.200.0/24
    set security zones security-zone trust address-book address DATA-CLOUD1 192.168.20.0/24
    set security zones security-zone trust address-book address DATA-CLOUD2 192.168.23.0/24

    set security zones security-zone trust address-book address BACKUP-SERVER 192.168.20.20/32

    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-NET
    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD1
    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD2

    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match source-address LOCAL-NET
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match destination-address any
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match application any
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services idp-policy COPY-CLIENT-SERVER-POLICY-IDP
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services utm-policy test-utm
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services security-intelligence-policy secintel_policy
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services advanced-anti-malware-policy aamw-policy
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then count



    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match source-address BACKUP-SERVER
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match destination-address any
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match application any
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY then permit
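
An added example, not part of the original post: a small Python model of top-down, first-match policy lookup, run over the address book and policy order from the configuration above. It shows which policy 192.168.20.20 hits as posted and which it hits once BACKUP-SERVER-to-INET-POLICY is placed first. The helper names (`parse`, `first_match`, `move_before`) are hypothetical, and only source-address is modelled because both policies match destination and application `any`.

```python
import ipaddress
import re

# Subset of the configuration from the post, in the posted order.
CONFIG = """
set security zones security-zone trust address-book address DATA-NET 192.168.200.0/24
set security zones security-zone trust address-book address DATA-CLOUD1 192.168.20.0/24
set security zones security-zone trust address-book address DATA-CLOUD2 192.168.23.0/24
set security zones security-zone trust address-book address BACKUP-SERVER 192.168.20.20/32
set security zones security-zone trust address-book address-set LOCAL-NET address DATA-NET
set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD1
set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD2
set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match source-address LOCAL-NET
set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match source-address BACKUP-SERVER
"""

def parse(config):
    """Return (address book, address sets, ordered [(policy, source-name)])."""
    addrs, sets, policies = {}, {}, []
    for line in config.splitlines():
        if m := re.search(r"address-book address (\S+) (\S+)$", line):
            addrs[m[1]] = ipaddress.ip_network(m[2])
        elif m := re.search(r"address-set (\S+) address (\S+)$", line):
            sets.setdefault(m[1], []).append(m[2])
        elif m := re.search(r"policy (\S+) match source-address (\S+)$", line):
            policies.append((m[1], m[2]))
    return addrs, sets, policies

def first_match(src_ip, addrs, sets, policies):
    """Model top-down lookup: the first policy whose source matches wins."""
    ip = ipaddress.ip_address(src_ip)
    for name, source in policies:
        members = sets.get(source, [source])  # expand an address-set
        if any(ip in addrs[m] for m in members):
            return name
    return None  # no listed policy matched

def move_before(policies, name, before):
    """Model reordering: place policy `name` directly ahead of `before`."""
    moved = [p for p in policies if p[0] == name]
    rest = [p for p in policies if p[0] != name]
    idx = next(i for i, p in enumerate(rest) if p[0] == before)
    return rest[:idx] + moved + rest[idx:]

if __name__ == "__main__":
    addrs, sets, policies = parse(CONFIG)
    print(first_match("192.168.20.20", addrs, sets, policies))
    fixed = move_before(policies, "BACKUP-SERVER-to-INET-POLICY", "USERS-to-INET-POLICY")
    print(first_match("192.168.20.20", addrs, sets, fixed))
```

On the device, the equivalent reorder is `insert security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY before policy USERS-to-INET-POLICY`.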