SRX Getting Started - Configure Address Books and Applications (Services)

  [KB16621]


Summary:

This article provides references to information about security policy address book entries, address sets (groups of Address book entries), and applications (services). The article also includes configuration examples.

For other topics, go to the SRX Getting Started main page.

Symptoms:

Configure security policy address book entries and custom security applications (services)

Cause:

Solution:

Address book entries and applications (services) can be used in security policies. Refer to KB16553 - SRX Getting Started - Configure Security Policies for more information on security policies and examples.


Address Book and Address Set (Group of Address-Book-Entries)

For an overview and configuration information about address books and address sets (referred to as "address groups" in ScreenOS), see Address Books and Address Sets Feature Guide for Security Devices.  


Applications (Services)

For an overview and configuration information about policy application sets (referred to as "services" in ScreenOS), see Security Policy Applications Feature Guide for Security Devices.


Configuration Examples

The following example creates two security policy address book entries and adds them to a security policy address set:

Create an Address

user@host# set security zones security-zone trust address-book address trust-net 10.1.1.0/24
user@host# set security zones security-zone trust address-book address Bob-PC 10.1.1.1/32

Create an Address Set (Groups)

user@host# set security zones security-zone trust address-book address-set All10 address trust-net
user@host# set security zones security-zone trust address-book address-set All10 address Bob-PC
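
The following Python check is an added example, not part of the Juniper article: it parses the zone address-book set commands shown above and reports address-set members that are undefined or already covered by another member (here Bob-PC, 10.1.1.1/32, sits inside trust-net, 10.1.1.0/24). The function names and the restriction to prefix-type address entries are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the zone address-book "set" commands from this article.
SAMPLE = """\
set security zones security-zone trust address-book address trust-net 10.1.1.0/24
set security zones security-zone trust address-book address Bob-PC 10.1.1.1/32
set security zones security-zone trust address-book address-set All10 address trust-net
set security zones security-zone trust address-book address-set All10 address Bob-PC
"""

ADDR = re.compile(r"set security zones security-zone (\S+) address-book address (\S+) (\S+)$")
ASET = re.compile(r"set security zones security-zone (\S+) address-book address-set (\S+) address (\S+)$")


def parse(config):
    """Return ({(zone, name): network}, {(zone, set): [member names]})."""
    addresses, sets = {}, {}
    for raw in config.splitlines():
        line = raw.split("# ", 1)[-1].strip()  # drop a pasted "user@host# " prompt
        if m := ADDR.match(line):
            zone, name, prefix = m.groups()
            addresses[(zone, name)] = ipaddress.ip_network(prefix, strict=False)
        elif m := ASET.match(line):
            zone, set_name, member = m.groups()
            sets.setdefault((zone, set_name), []).append(member)
    return addresses, sets


def audit(config):
    """Report undefined members and members already covered by another member."""
    addresses, sets = parse(config)
    findings = []
    for (zone, set_name), members in sets.items():
        known = [(n, addresses[(zone, n)]) for n in members if (zone, n) in addresses]
        for name in members:
            if (zone, name) not in addresses:
                findings.append((zone, set_name, name, "undefined"))
        for name, net in known:
            for other, other_net in known:
                same_family = net.version == other_net.version and net != other_net
                if name != other and same_family and net.subnet_of(other_net):
                    findings.append((zone, set_name, name, f"covered by {other}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A "covered by" finding means the narrower entry adds nothing to what the address set matches, so a policy that references the set has the scope of the wider entry.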


The following example creates a custom security policy application (service) for SSH:

List Default Application (Service)
user@host> show configuration groups junos-defaults applications

Create a Custom Application (Service)
user@host# set applications application my-ssh protocol tcp
user@host# set applications application my-ssh destination-port 22
user@host# set applications application my-ssh inactivity-timeout 3600

Create Custom Services with Multiple Ports (Requires "terms")
user@host# set applications application my-ssh term ssh protocol tcp
user@host# set applications application my-ssh term ssh destination-port 22
user@host# set applications application my-ssh term ssh inactivity-timeout 3600
user@host# set applications application my-ssh term ssh1 protocol tcp
user@host# set applications application my-ssh term ssh1 destination-port ssh



Verification

To get information about address books and zones, use the following operational mode command:  

user@host> show configuration security zones


To list default applications, use the following operational mode command:

user@host> show configuration groups junos-defaults applications


To list custom applications, use the following operational mode command:

user@host> show configuration applications

 
