sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match destination-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match application junos-icmp-all
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match destination-address ns
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match application junos-dns-tcp
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match application junos-dns-udp
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match destination-address packages
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match application junos-http
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match destination-address puppet
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match application junos-http
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match destination-address sysconfig-001
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match application junos-http
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match destination-address ns
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match destination-address ldap
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match application junos-ldap
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match application ldaps
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match destination-address ntp
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match application ntp
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match destination-address homie
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match application junos-https
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie then permit
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match source-address any
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match destination-address logger
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match application junos-syslog
[edit]
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog then permit
[edit]
sdhillon@vpn-bidi#
[edit]
sdhillon@vpn-bidi# show | compare rollback 0
[edit]
+ apply-groups azure-to-trust;
[edit security policies]
from-zone azure to-zone trust { ... }
+ from-zone trust to-zone azure-eng-west {
+ policy allow-all {
+ match {
+ source-address any;
+ destination-address any;
+ application any;
+ }
+ then {
+ permit;
+ }
+ }
+ }
+ from-zone <*> to-zone <*> {
+ policy allow-ping {
+ match {
+ source-address any;
+ destination-address any;
+ application junos-icmp-all;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-dns {
+ match {
+ source-address any;
+ destination-address ns;
+ application [ junos-dns-tcp junos-dns-udp ];
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-packages {
+ match {
+ source-address any;
+ destination-address packages;
+ application junos-http;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-puppet {
+ match {
+ source-address any;
+ destination-address puppet;
+ application junos-http;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-git {
+ match {
+ source-address any;
+ destination-address sysconfig-001;
+ application junos-http;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-ldap {
+ match {
+ source-address any;
+ destination-address [ ns ldap ];
+ application [ junos-ldap ldaps ];
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-ntp {
+ match {
+ source-address any;
+ destination-address ntp;
+ application ntp;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-homie {
+ match {
+ source-address any;
+ destination-address homie;
+ application junos-https;
+ }
+ then {
+ permit;
+ }
+ }
+ policy allow-syslog {
+ match {
+ source-address any;
+ destination-address logger;
+ application junos-syslog;
+ }
+ then {
+ permit;
+ }
+ }
+ }
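Review bot: The `from-zone <*> to-zone <*>` stanza was added directly under `[edit security policies]`, not inside a configuration group, so the wildcard will probably not expand across zone pairs. Each command began with `set apply-groups azure-to-trust security policies ...`, which the diff shows was parsed as two sibling statements at `[edit]`: `apply-groups azure-to-trust;` plus a literal policy context named `<*>`. As far as I know `<*>` is only treated as a wildcard inside `groups`, so the intended form would be `set groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match source-address any` (and likewise for the other policies), followed by a single `set apply-groups azure-to-trust`. The diff also does not show a `groups azure-to-trust` definition, so confirm that the group exists before committing. Separately, the pending `from-zone trust to-zone azure-eng-west` policy `allow-all` permits any/any/any with no `log` action, so check that it is meant to be in this commit and narrow it or add session logging.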
[edit]