I don't know if this would do what you're looking for, but you could do something like this:
groups {
trust-to-untrust {
security {
policies {
from-zone <*> to-zone <*> {
policy policy1 {
// some policy here
}
policy policy2 {
// another policy here
}
}
}
}
}
}
And then, say you have three different ISPs, each in their own zone:
set security policies from-zone trust to-zone untrust-isp-1 apply-groups trust-to-untrust
set security policies from-zone trust to-zone untrust-isp-2 apply-groups trust-to-untrust
set security policies from-zone trust to-zone untrust-isp-3 apply-groups trust-to-untrust
So if you have to make changes to your internet policies, you can do it all in one place. I don't think this is exactly what you're asking for, but may be it can help. I love using configuration groups.
------------------------------
Nikolay Semov
------------------------------
Original Message:
Sent: 05-06-2024 20:37
From: kronicklez
Subject: Can we create one group Securiy policy that consists multiple security policy?
Hi all,
In the CLI SRX, is it possible we create one global security policy that consists multiple child rule security policy. I means like we create address-set and in the address-set have multiple address-book.
If can then can someone share url how to do it?
Thanks and appreciate any feedback