
Configlet that inserts policy before other policy


    Posted 09-20-2022 10:12
    Hi,

    I do not have much experience with Junos Space management, but I was able to create a few simple Configlets that I want to apply to a number of SRX service gateways.
    At the moment, I am able to apply Configlets that create some objects (like an address object) and delete these objects. While preparing the latter (delete), I found that I need to use "delete: xxx" in the Configlet Editor.

    Then I wanted to create a Configlet that inserts a certain policy on SRX devices. There is no problem with creating the policy, but after applying it, the policy is inserted at the end of the policy list (for a certain from-to context). I am not sure how to insert my policy at a certain hierarchy location (for example, before some known policy).

    I tried with a Configlet that uses the following:

    security {
        policies {
            from-zone trust to-zone untrust {
                insert policy pol_MyPol before policy pol_Pol1;
            }
        }
    }


    I also tried "insert:" instead of "insert", but every time I get an error like:

    Applied Configuration:

    <configuration-text xmlns:xc="urn:ietf:params:xml:ns:netconf:base:1.0" type="subtree"> security {
    policies {
    from-zone trust to-zone untrust {
    insert policy pol_toGit before policy pol_toWindGit;
    }
    }
    }
    </configuration-text>
    Job Failure Reason:
    <rpc-reply >
    <rpc-error>
    <error-type>protocol</error-type>
    <error-tag>operation-failed</error-tag>
    <error-severity>error</error-severity>
    <error-message>syntax error</error-message>
    <error-info>
    <bad-element>insert</bad-element>
    </error-info>
    </rpc-error>
    <rpc-error>
    <error-severity>warning</error-severity>
    <error-path>[edit security policies]</error-path>
    <error-message>mgd: statement has no contents; ignored</error-message>
    <error-info>
    <bad-element>from-zone trust to-zone untrust</bad-element>
    </error-info>
    </rpc-error>
    </rpc-reply>


    Any help on how to configure the Configlet?

    Another point would be: how to create a Configlet that could save the rescue configuration (i.e. how to execute "request system configuration rescue save" using a Configlet).


    Regards,
    Milan

    ------------------------------
    MILAN MARKOVIC
    ------------------------------