An address book for a security zone contains the IP address
or domain names of hosts and subnets whose traffic is either allowed,
blocked, encrypted, or user-authenticated.
Address books can have address sets. Each address set
has a name and a list of address names.
Addresses and address sets in the same zone must have
Addresses must conform to the security requirements of
IP addresses can be configured as IPv4 addresses with
the number of prefix bits, or as Domain Name System (DNS) names.
The predefined address any is automatically created for
each security zone.
The address book of a security zone must contain all IP
addresses that are reachable within that zone.
Policies contain both source and destination zones
and addresses. An address is referred to in a policy by the name you
give it in its zone's address book.
When traffic is sent to a zone, the zone and address to
which the traffic is sent are used as the destination zone and address-matching
criteria in policies.
When traffic is sent from a zone, the zone and address
from which it is sent are used as the matching source zone and address
For more information on the address
book configuration syntax and options, see the JUNOS Software CLI Reference
Specify addresses as network prefixes in the prefix/length format. For example, 188.8.131.52/24 is an
acceptable address book address because it translates to a network
prefix. However, 184.108.40.206/24 is not acceptable for an address
book because it exceeds the subnet length of 24 bits. Everything beyond
the subnet length must be entered as 0 (zero). In special scenarios,
you can enter a hostname because it can use the full 32-bit address