Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Creating Variables

Use variables to dynamically obtain addresses and zones in group firewall policies that are applied to multiple devices. A variable is useful when similar rules can be used across devices where only the zone or address might differ. Using variables instead of static values allows you to create fewer rules and use them more widely.

When you configure variables, you map specific devices to configured values and default values are replaced by these mapping when policies are applied. Note that variables are only used in group policies. They are not applicable to device policies.

Before You Begin

Procedure

To create a variable object:

  1. Select Configure > Shared Objects > Variables.
  2. Click Create.
  3. Complete the configuration according to the guidelines provided in Table 282 to Table 284.
  4. Click OK.

A new variable with your configurations is created. You can use this object in policies. You can also assign it to a domain; see Assigning Policies and Profiles to Domains.

Table 282: Variable Profile Settings

Setting

Guideline

Name

Enter a unique name for this variable. It must begin with an alphanumeric character and cannot exceed 63 characters. Dashes and underscores are allowed.

Description

Enter a description for your variable; maximum length is 1,024 characters. You should make this description as useful as possible for all administrators.

Type

Select a type of variable and fill in the corresponding fields. Available types are: Address or Zone. When you select a type, the required fields for that type are shown. See Table 283 for address types. See Table 284 for zone types.

Table 283: Create Variable Address Profile Setting

Setting

Guideline

Default Address

Select a predefined address by clicking anywhere within this field and choosing an address from the Select Address window or click Add to create a new default address. This default address is replaced with the mapped device-specific address when applied to the group firewall policy.

Context Value

Select the check box beside each device to which you want to map this variable address. Click the arrow to move the selected device or devices from the Available column to the Selected column. Only devices from the current and child domain are listed. Note that you can use the fields at the top of each column to search for listed devices.

Address

Select a predefined address by clicking anywhere within this field and choosing an address from the Select Address window. The default address is replaced by this device-specific address when applied to a policy that includes the selected device or devices.

Table 284: Create Zone Profile Settings

Setting

Guideline

Default Zone

Enter a zone. This default zone is replaced with the mapped zone when applied to the group firewall policy. The default value is trust.

Context Value

Select the check box beside each device to which you want to map this variable zone. Click the arrow to move the selected device or devices from the Available column to the Selected column. Note that you can use the fields at the top of each column to search for listed devices.

Zone

For SRX Series devices, select a zone from the list. The default zone is replaced by this device-specific zone when applied to a policy that includes the selected device or devices.

Starting in Junos Space Security Director Release 16.2, if you select an MX Series router, the Zone field lists all the AMS interfaces that are assigned to the service set. If you select both SRX Series devices and MX Series routers, both zones and AMS values are listed.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit