Junos OS

Exclude 1 address from policy user-to-internet

    Posted 06-17-2021 02:59
    Hello, I have a policy for a user group (LOCAL-NET, which already includes server BACKUP-SERVER) to the Internet with application features skyatp, idp, utm.
    I need to exclude 1 address from this policy, but I need this address (BACKUP-SERVER 192.168.20.20/32) to still have Internet access from another policy without application features.

    set security zones security-zone trust address-book address DATA-NET 192.168.200.0/24
    set security zones security-zone trust address-book address DATA-CLOUD1 192.168.20.0/24
    set security zones security-zone trust address-book address DATA-CLOUD2 192.168.23.0/24

    set security zones security-zone trust address-book address BACKUP-SERVER 192.168.20.20/32

    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-NET
    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD1
    set security zones security-zone trust address-book address-set LOCAL-NET address DATA-CLOUD2

    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match source-address LOCAL-NET
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match destination-address any
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY match application any
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services idp-policy COPY-CLIENT-SERVER-POLICY-IDP
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services utm-policy test-utm
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services security-intelligence-policy secintel_policy
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then permit application-services advanced-anti-malware-policy aamw-policy
    set security policies from-zone trust to-zone untrust policy USERS-to-INET-POLICY then count



    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match source-address BACKUP-SERVER
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match destination-address any
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY match application any
    set security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY then permit
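
Added example, not part of the original post: a small Python model of first-match policy lookup over the addresses and policies posted above, showing which policy 192.168.20.20 hits in each ordering. Junos evaluates the policies of a zone pair top-down and applies the first match; that the posted order is the configured order, the function names, and the short service labels are assumptions made for illustration.

```python
import ipaddress

# Address book and address-set as posted (trust zone).
ADDRESS_BOOK = {
    "DATA-NET": ["192.168.200.0/24"],
    "DATA-CLOUD1": ["192.168.20.0/24"],
    "DATA-CLOUD2": ["192.168.23.0/24"],
    "BACKUP-SERVER": ["192.168.20.20/32"],
}
ADDRESS_SETS = {"LOCAL-NET": ["DATA-NET", "DATA-CLOUD1", "DATA-CLOUD2"]}

# from-zone trust to-zone untrust; list order = assumed evaluation order.
# Destination and application are "any" in both policies, so only the
# source address decides the match here.
POSTED_ORDER = [
    ("USERS-to-INET-POLICY", "LOCAL-NET", ["idp", "utm", "secintel", "aamw"]),
    ("BACKUP-SERVER-to-INET-POLICY", "BACKUP-SERVER", []),
]
SPECIFIC_FIRST = list(reversed(POSTED_ORDER))

def resolve(name):
    """Expand an address or address-set name into ip_network objects."""
    members = ADDRESS_SETS.get(name, [name])
    return [ipaddress.ip_network(p) for m in members for p in ADDRESS_BOOK[m]]

def first_match(policies, src):
    """Return (policy name, services) of the first policy matching src."""
    ip = ipaddress.ip_address(src)
    for name, source, services in policies:
        if any(ip in net for net in resolve(source)):
            return name, services
    return None, None  # no match: the default policy would apply

def shadowed(policies):
    """Policies whose every source prefix lies inside a prefix of an earlier policy."""
    out = []
    for i, (name, source, _) in enumerate(policies):
        earlier = [n for _, s, _ in policies[:i] for n in resolve(s)]
        if all(any(net.subnet_of(e) for e in earlier) for net in resolve(source)):
            out.append(name)
    return out

if __name__ == "__main__":
    for label, order in (("posted", POSTED_ORDER), ("specific first", SPECIFIC_FIRST)):
        print(label, first_match(order, "192.168.20.20"), "shadowed:", shadowed(order))
```

With the specific policy first, 192.168.20.20 matches BACKUP-SERVER-to-INET-POLICY with no application services while the rest of LOCAL-NET still matches USERS-to-INET-POLICY. On the device, the reordering is done with: insert security policies from-zone trust to-zone untrust policy BACKUP-SERVER-to-INET-POLICY before policy USERS-to-INET-POLICY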