Related Documentation
- J Series
- Verifying Scheduled Policies
- SRX Series
- Verifying Scheduled Policies
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Example: Configuring Schedulers
This example shows how to configure schedulers.
Requirements
Before you begin:
- Understand security policies schedulers. See Security Policies Overview.
- Configure security zones before applying this configuration.
Overview
Schedulers are powerful features that allow a policy to be activated for a specified duration. You can define schedulers for a single (nonrecurrent) or recurrent time slot within which a policy is active. If you want a policy to be active within a scheduled time, then you must first create a scheduler.
To configure a scheduler, you enter a meaningful name and a start and stop time for the scheduler. You can also attach comments.
In this example, you:
- Specify the scheduler, sch1, that allows a policy, which refers to it, to be used for packet match checks from 8 AM to 9 PM all days of the week from October 1, 2009 to June, 2010 except Sundays.
- Configure another scheduler, SunHrs, to check for packet matches from noon to 6 PM on Sundays.
- Create a policy, abc, and specify the match conditions and action to be taken on traffic that matches the specified conditions. and bind the schedulers to the policy to allow access during the specified weekend hours.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
The following example requires you to navigate various
levels in the configuration hierarchy. For instructions on how to
do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide .
To configure a scheduler:
- Set a scheduler.[edit schedulers ]user@host# set scheduler sch1 start-date 2009-10-01.08:00 stop-date 2010-06-01.21:00user@host# set scheduler sch1 sunday exclude
- Set another scheduler.[edit schedulers]user@host# set scheduler SunHrs sunday start-time 12:00 stop-time 18:00
- Specify the match conditions for the policy.[edit security policies from-zone green to-zone red policy abc]user@host# set match source-address any destination-address any application any
- Specify the action.[edit security policies from-zone green to-zone red policy abc]user@host# set then permit
- Associate the scheduler to the policy.[edit security policies from-zone green to-zone red policy abc ]user@host# set scheduler-name sch1
Results
From configuration mode, confirm your configuration by entering the show schedulers command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
If you are done configuring the device, enter commit from configuration mode.
Verification
To confirm that the configuration is working properly, perform these tasks:
Verifying Schedulers are Active
Purpose
Verify if schedulers are enabled or not.
Action
From operational mode, enter the show schedulers command.
Verifying Policies
Purpose
Verify if the policies are working.
Action
From operational mode, enter the show security policies command.
Related Documentation
- J Series
- Verifying Scheduled Policies
- SRX Series
- Verifying Scheduled Policies
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices
