SRX

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Hidden cli "set security zones security-zone untrust interfaces all"

    Posted 04-28-2013 23:56

    Hi All,

     

    There is a Hidden cli "set security zones security-zone untrust interfaces all" , Any  idea when this cli would be useful.

    Is there chance customer use thic hidden cli  in real customer configuration.

     

    Can some one throw some light on this.

     

    Thanks,

    Ravindhar


    #hidden


  • 2.  RE: Hidden cli "set security zones security-zone untrust interfaces all"

    Posted 04-29-2013 00:42

    Hi, 

    May be if the costumer is paranoid and doesn't trust anyone 😄



  • 3.  RE: Hidden cli "set security zones security-zone untrust interfaces all"
    Best Answer

    Posted 04-29-2013 00:44

    Hi Ravindhar,

     

    set security zones security-zone untrust interfaces all

    <This commands puts all interface under one security zone, so you don't have to configure interface one by one under zone hierarchy>.

     

    Any  idea when this cli would be useful.

    <I personally don't see it useful because in traditionally firewall environment nobody is going to put all interface under one zone>.

     

     

    Regards,

    Deepak



  • 4.  RE: Hidden cli "set security zones security-zone untrust interfaces all"

     
    Posted 04-30-2013 06:01
    I found it useful in a lazy kind of way when I was studying routing (on srx'es). When you add all interfaces to the zone like that, you can have all the interfaces in the same zone, doesn't matter if they're in different routing instances. But no, no real environment will have this configuration.


  • 5.  RE: Hidden cli "set security zones security-zone untrust interfaces all"

    Posted 04-30-2013 11:28

    I see it mostly useful as a templating or starting point mechanism.  It's a quick way to set a baseline.

     

    1 - put all interfaces in untrust by default

    2 - selectively move interfaces into other / new zones as needed

     

    It just helps keep track of where things are.  If it's not useful for you, you don't need to use it.  That's why it's hidden.  Smiley Wink