
Configuring a Policy to Permit Traffic

Configuring a policy to permit traffic is the first step in the sample configuration that explains how to configure a policy.

Before You Begin

  1. Establish basic connectivity. (See the Getting Started Guide for your device.)
  2. Create zones. See Creating Security Zones.
  3. Configure the address book for the policy. (See Configuring a Policy to Permit Traffic.)
  4. For background information, read Example: Configuring Security Policies—Detailed Configuration.

To configure a policy to permit traffic, use either J-Web or the CLI configuration editor. The following configuration commands allow traffic between the loopback addresses of both Juniper Networks devices.

J-Web Configuration

To configure a policy to permit traffic using the J-Web configuration editor:

  1. Select Configuration>View and Edit>Edit Configuration.

    The Configuration page appears.

  2. Next to Security, click Configure or Edit.
  3. Next to Policies, select the check box and click Configure.
  4. In the From zone name box, type green.
  5. In the To zone name box, type red.
  6. In the Policy name box, type allowin.
  7. Select the Match check box.
  8. Select the Then check box.
  9. Next to Match, click Configure.
  10. From the Source address choice list, select Source address.
  11. Next to Source address, click Add new entry.
  12. From the Value keyword list, select Enter specific value.
  13. In the Address box, type netTopLoopInt and click OK.
  14. To match the policy to a destination address, from the Destination address choice list, select Destination address.
  15. Next to Destination address, click Add new entry.
  16. From the Value keyword list, select Enter specific value.
  17. In the Address box, type netBottomLoopInt and click OK.
  18. To match the policy to an application set name, from the Application Choice list, select Application.
  19. Next to Application, click Add new entry.
  20. To specify the application set name to match the policy, from the Value keyword list, select any and click OK.
  21. Next to Then, click Configure.
  22. From the Action list, select Permit and click OK.
  23. If you are finished configuring the device, commit the configuration.
  24. To check the configuration, see Verifying Policy Configuration.

CLI Configuration

user@host# set security policies from-zone RED to-zone GREEN policy allowIn match source-address netTopLoopInt
user@host# set security policies from-zone RED to-zone GREEN policy allowIn match destination-address netBottomLoopInt
user@host# set security policies from-zone RED to-zone GREEN policy allowIn match application any
user@host# set security policies from-zone RED to-zone GREEN policy allowIn then permit

If you are finished configuring the device, commit the configuration.

To check the configuration, see Verifying Policy Configuration.
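
A pre-commit review of the CLI commands above, as an added example that is not part of the original topic or of Juniper's tooling: a Python script that parses the set commands and flags a permit policy that uses any in a match criterion, a match criterion that is not configured, or a policy with no action. The function names and finding strings are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the four set commands from the CLI section above.
SAMPLE = """\
user@host# set security policies from-zone RED to-zone GREEN policy allowIn match source-address netTopLoopInt
user@host# set security policies from-zone RED to-zone GREEN policy allowIn match destination-address netBottomLoopInt
user@host# set security policies from-zone RED to-zone GREEN policy allowIn match application any
user@host# set security policies from-zone RED to-zone GREEN policy allowIn then permit
"""

# Optional CLI prompt, then the policy path, then "match <field> <value>" or "then <action>".
LINE = re.compile(
    r"^(?:\S+#\s+)?set security policies from-zone (\S+) to-zone (\S+) "
    r"policy (\S+) (match|then) (\S+)(?: (\S+))?\s*$")
# The three match criteria that the policy on this page configures.
MATCH_FIELDS = ("source-address", "destination-address", "application")

def parse(text):
    """Group set commands into {(from_zone, to_zone, policy_name): policy}."""
    policies = defaultdict(lambda: {"match": defaultdict(list), "then": []})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a security-policy set command
        fz, tz, name, section, key, value = m.groups()
        if section == "match":
            policies[(fz, tz, name)]["match"][key].append(value)
        else:
            policies[(fz, tz, name)]["then"].append(key)
    return policies

def review(text):
    """Return (policy key, finding) pairs for a reviewer to look at."""
    findings = []
    for key, pol in parse(text).items():
        for field in MATCH_FIELDS:
            if field not in pol["match"]:
                findings.append((key, f"missing match {field}"))
            elif "any" in pol["match"][field] and "permit" in pol["then"]:
                findings.append((key, f"permit with {field} any"))
        if not pol["then"]:
            findings.append((key, "no action (then) configured"))
    return findings

if __name__ == "__main__":
    for (fz, tz, name), finding in review(SAMPLE):
        print(f"{fz} -> {tz} policy {name}: {finding}")
```

For the commands on this page the only finding is the permit with application any, which allows every application between the two loopback addresses.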
