

SRX Getting Started - Configure Address Books and Applications (Services)


Article ID: KB16621 | KB Last Updated: 07 Feb 2014 | Version: 4.0
Summary:

This article provides references to information about security policy address book entries, address sets (groups of Address book entries), and applications (services). The article also includes configuration examples.

For other topics, go to the SRX Getting Started main page.

Symptoms:

Configure security policy address book entries and custom security applications (services)

Cause:

Solution:

This section contains the following:


Address book entries and applications (services) are referenced in security policies. Refer to KB16553 - SRX Getting Started - Configure Security Policies for more information on security policies and examples.


Address Book and Address Set (Group of Address-Book-Entries)

For an overview and configuration information about address books and address sets (referred to as "address groups" in ScreenOS), see Address Books and Address Sets Feature Guide for Security Devices.  


Applications (Services)

For an overview and configuration information about policy application sets (referred to as "services" in ScreenOS), see Security Policy Applications Feature Guide for Security Devices.


Configuration Examples

The following example creates two security policy address book entries and adds them to a security policy address set:

Create an Address

user@host# set security zones security-zone trust address-book address trust-net 10.1.1.0/24
user@host# set security zones security-zone trust address-book address Bob-PC 10.1.1.1/32

Create an Address Set (Groups)

user@host# set security zones security-zone trust address-book address-set All10 address trust-net
user@host# set security zones security-zone trust address-book address-set All10 address Bob-PC
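
The following is an added example, not part of the Juniper article: a small offline audit that expands each address set from set-format commands like the ones above and reports members that are unresolved or already covered by another member. It assumes zone-attached address books with IP-prefix entries only (no nested sets or DNS names); the function names `parse` and `audit` are hypothetical.

```python
import ipaddress
import re
# Constructed sample: the address-book commands from the example above.
SAMPLE = """\
user@host# set security zones security-zone trust address-book address trust-net 10.1.1.0/24
user@host# set security zones security-zone trust address-book address Bob-PC 10.1.1.1/32
user@host# set security zones security-zone trust address-book address-set All10 address trust-net
user@host# set security zones security-zone trust address-book address-set All10 address Bob-PC
"""

PREFIX = r"set security zones security-zone (\S+) address-book "
ADDR = re.compile(PREFIX + r"address (\S+) (\S+)$")
ASET = re.compile(PREFIX + r"address-set (\S+) address (\S+)$")

def parse(text):
    """Return ({(zone, name): network}, {(zone, set_name): [members]})."""
    addrs, sets = {}, {}
    for line in text.splitlines():
        # Drop a pasted CLI prompt such as "user@host# ".
        line = re.sub(r"^\S+@\S+[#>]\s*", "", line.strip())
        if m := ADDR.match(line):
            addrs[(m[1], m[2])] = ipaddress.ip_network(m[3], strict=False)
        elif m := ASET.match(line):
            sets.setdefault((m[1], m[2]), []).append(m[3])
    return addrs, sets

def audit(text):
    """Expand each address set and flag unresolved or redundant members."""
    addrs, sets = parse(text)
    report = {}
    for (zone, name), members in sets.items():
        nets = {m: addrs[(zone, m)] for m in members if (zone, m) in addrs}
        # Redundant: a different member's prefix already contains this one.
        redundant = sorted(
            m for m, n in nets.items()
            if any(n != p and n.version == p.version and n.subnet_of(p)
                   for p in nets.values()))
        # collapse_addresses() rejects mixed IPv4/IPv6 input, so merge per family.
        effective = [str(c) for v in (4, 6) for c in ipaddress.collapse_addresses(
            [n for n in nets.values() if n.version == v])]
        report[f"{zone}/{name}"] = {"redundant": redundant, "effective": effective,
                                    "unresolved": [m for m in members if m not in nets]}
    return report

if __name__ == "__main__":
    for set_name, result in audit(SAMPLE).items():
        print(set_name, result)
```

For the article's own example the audit shows that Bob-PC (10.1.1.1/32) adds nothing to All10, because trust-net (10.1.1.0/24) already contains it.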


The following example creates a custom security policy application (service) for SSH:

List Default Application (Service)
user@host> show configuration groups junos-defaults applications

Create a Custom Application (Service)
user@host# set applications application my-ssh protocol tcp
user@host# set applications application my-ssh destination-port 22
user@host# set applications application my-ssh inactivity-timeout 3600

Create Custom Services with Multiple Ports (Requires "terms")
user@host# set applications application my-ssh term ssh protocol tcp
user@host# set applications application my-ssh term ssh destination-port 22
user@host# set applications application my-ssh term ssh inactivity-timeout 3600
user@host# set applications application my-ssh term ssh1 protocol tcp
user@host# set applications application my-ssh term ssh1 destination-port ssh



Verification

To get information about address books and zones, use the following operational mode command:  

user@host> show configuration security zones


To list default applications, use the following operational mode command:

user@host> show configuration groups junos-defaults applications


To list custom applications, use the following operational mode command:

user@host> show configuration applications

 
