Created
November 12, 2012 19:45
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match destination-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match application junos-icmp-all | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match destination-address ns | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match application junos-dns-tcp | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns match application junos-dns-udp | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-dns then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match destination-address packages | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages match application junos-http | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-packages then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match destination-address puppet | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet match application junos-http | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-puppet then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match destination-address sysconfig-001 | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git match application junos-http | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-git then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match destination-address ns | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match destination-address ldap | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match application junos-ldap | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap match application ldaps | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ldap then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match destination-address ntp | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp match application ntp | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ntp then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match destination-address homie | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie match application junos-https | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-homie then permit | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match source-address any | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match destination-address logger | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog match application junos-syslog | |
[edit] | |
sdhillon@vpn-bidi# set apply-groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-syslog then permit | |
[edit] | |
sdhillon@vpn-bidi# | |
[edit] | |
sdhillon@vpn-bidi# show | compare rollback 0 | |
[edit] | |
+ apply-groups azure-to-trust; | |
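Review bot: The `<*>` zone pair appears to have been created as a literal zone name in the live configuration, not as a group wildcard. This hunk adds only `apply-groups azure-to-trust;` at the top level, while every policy typed on the same command lines shows up under `[edit security policies]` as `from-zone <*> to-zone <*>`. Junos expands `<*>` only inside the `groups` hierarchy, so outside a group these policies would presumably match no real zone pair, and the applied group is not populated by anything visible here. If a reusable template was intended, the statements belong under the group, e.g. `set groups azure-to-trust security policies from-zone <*> to-zone <*> policy allow-ping match source-address any`, with `apply-groups` set separately at the level that should inherit it. Running `show security policies | display inheritance` before commit would confirm what actually takes effect.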
[edit security policies] | |
from-zone azure to-zone trust { ... } | |
+ from-zone trust to-zone azure-eng-west { | |
+ policy allow-all { | |
+ match { | |
+ source-address any; | |
+ destination-address any; | |
+ application any; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ } | |
+ from-zone <*> to-zone <*> { | |
+ policy allow-ping { | |
+ match { | |
+ source-address any; | |
+ destination-address any; | |
+ application junos-icmp-all; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-dns { | |
+ match { | |
+ source-address any; | |
+ destination-address ns; | |
+ application [ junos-dns-tcp junos-dns-udp ]; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-packages { | |
+ match { | |
+ source-address any; | |
+ destination-address packages; | |
+ application junos-http; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-puppet { | |
+ match { | |
+ source-address any; | |
+ destination-address puppet; | |
+ application junos-http; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-git { | |
+ match { | |
+ source-address any; | |
+ destination-address sysconfig-001; | |
+ application junos-http; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-ldap { | |
+ match { | |
+ source-address any; | |
+ destination-address [ ns ldap ]; | |
+ application [ junos-ldap ldaps ]; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-ntp { | |
+ match { | |
+ source-address any; | |
+ destination-address ntp; | |
+ application ntp; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-homie { | |
+ match { | |
+ source-address any; | |
+ destination-address homie; | |
+ application junos-https; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ policy allow-syslog { | |
+ match { | |
+ source-address any; | |
+ destination-address logger; | |
+ application junos-syslog; | |
+ } | |
+ then { | |
+ permit; | |
+ } | |
+ } | |
+ } | |
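Review bot: The rule set is broader than the policy names suggest, because every policy here matches `source-address any` and the separate `from-zone trust to-zone azure-eng-west` policy `allow-all` permits any source, destination and application. `allow-puppet` and `allow-git` permit `junos-http`, and `allow-ldap` includes `junos-ldap` alongside `ldaps`, so configuration-management, repository and directory traffic may cross the tunnel in cleartext. If those services support TLS, the match should be limited to the encrypted application (`junos-https`, `ldaps`). None of the policies log, so adding `then log session-init` to each permit, and to an explicit final deny, would leave a record for later review. Source addresses should be narrowed to the address-book entries of the hosts that actually need each service.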
[edit] |