SRX

 View Only
last person joined: 3 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Can we create one group Securiy policy that consists multiple security policy?

    Posted 05-06-2024 20:38

    Hi all,

    In the CLI SRX, is it possible we create one global security policy that consists multiple child rule security policy. I means like we create address-set and in the address-set have multiple address-book.

    If can then can someone share url how to do it?

    Thanks and appreciate any feedback



  • 2.  RE: Can we create one group Securiy policy that consists multiple security policy?

    Posted 05-07-2024 10:54

    I don't know if this would do what you're looking for, but you could do something like this:

    groups {
       trust-to-untrust {
          security {
             policies {
                from-zone <*> to-zone <*> {
                   policy policy1 {
                      // some policy here
                   }
                   policy policy2 {
                      // another policy here
                   }
                }
             }
          }
       }
    }

    And then, say you have three different ISPs, each in their own zone:

    set security policies from-zone trust to-zone untrust-isp-1 apply-groups trust-to-untrust
    set security policies from-zone trust to-zone untrust-isp-2 apply-groups trust-to-untrust
    set security policies from-zone trust to-zone untrust-isp-3 apply-groups trust-to-untrust

    So if you have to make changes to your internet policies, you can do it all in one place. I don't think this is exactly what you're asking for, but may be it can help. I love using configuration groups.



    ------------------------------
    Nikolay Semov
    ------------------------------



  • 3.  RE: Can we create one group Securiy policy that consists multiple security policy?

    Posted 05-07-2024 11:21

    Hi Nikolay,

    Thanks for your feedback. But unfortunately not like that i want. I know we can make group policy using SD. But i just to know whether can possible do on CLI also.

    Thanks




  • 4.  RE: Can we create one group Securiy policy that consists multiple security policy?

    Posted 05-07-2024 12:05

    In that case, I'm not sure what you mean ... The example I gave you is CLI, not SD.



    ------------------------------
    Nikolay Semov
    ------------------------------