    Example: Configuring Address Books and Address Sets

    This example shows how to configure addresses and address sets in address books. It also shows how to attach address books to security zones.

    Requirements

    Before you begin:

    Overview

    In this example, you configure an address book with addresses and address sets (see Figure 1) to simplify configuring your company’s network. You create an address book called Eng-dept and add addresses of members from the Engineering department. You create another address book called Web and add a DNS name to it. Then you attach the Eng-dept address book to the trust security zone and the Web address book to the untrust security zone. You also create address sets to group software and hardware addresses in the Engineering department. You plan to use these addresses as source and destination addresses in your future policy configurations.

    In addition, you add an address to the global address book, to be available to any security zone that has no address book attached to it.

    Figure 1: Configuring Addresses and Address Sets

    Configuration

    CLI Quick Configuration

    To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

    set security zones security-zone trust interfaces ge-0/0/0
    set security zones security-zone untrust interfaces ge-0/0/1
    set security address-book Eng-dept address a1 1.1.1.1
    set security address-book Eng-dept address a2 1.1.1.2
    set security address-book Eng-dept address a3 1.1.1.3
    set security address-book Eng-dept address a4 1.1.1.4
    set security address-book Eng-dept address-set sw-eng address a1
    set security address-book Eng-dept address-set sw-eng address a2
    set security address-book Eng-dept address-set hw-eng address a3
    set security address-book Eng-dept address-set hw-eng address a4
    set security address-book Eng-dept attach zone trust
    set security address-book Web address Intranet dns-name www-int.juniper.net
    set security address-book Web attach zone untrust
    set security address-book global address g1 2.2.2.2/24

    Step-by-Step Procedure

    The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

    To configure addresses and address sets:

    1. Create security zones and assign interfaces to them.
      [edit]
      user@host# set security zones security-zone trust interfaces ge-0/0/0
      user@host# set security zones security-zone untrust interfaces ge-0/0/1
    2. Create an address book and define addresses in it.
      [edit security address-book Eng-dept]
      user@host# set address a1 1.1.1.1
      user@host# set address a2 1.1.1.2
      user@host# set address a3 1.1.1.3
      user@host# set address a4 1.1.1.4
    3. Create address sets.
      [edit security address-book Eng-dept]
      user@host# set address-set sw-eng address a1
      user@host# set address-set sw-eng address a2
      user@host# set address-set hw-eng address a3
      user@host# set address-set hw-eng address a4
    4. Attach the address book to a security zone.
      [edit security address-book Eng-dept]
      user@host# set attach zone trust
    5. Create another address book and attach it to a security zone.
      [edit security address-book Web]
      user@host# set address Intranet dns-name www-int.juniper.net
      user@host# set attach zone untrust
    6. Define an address in the global address book.
      [edit]
      user@host# set security address-book global address g1 2.2.2.2/24

    Results

    From configuration mode, confirm your configuration by entering the show security zones and show security address-book commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

    [edit]
    user@host# show security zones
    security-zone untrust {
        interfaces {
            ge-0/0/1.0;
        }
    }
    security-zone trust {
        interfaces {
            ge-0/0/0.0;
        }
    }
    [edit]
    user@host# show security address-book
    Eng-dept {
        address a1 1.1.1.1/32;
        address a2 1.1.1.2/32;
        address a3 1.1.1.3/32;
        address a4 1.1.1.4/32;
        address-set sw-eng {
            address a1;
            address a2;
        }
        address-set hw-eng {
            address a3;
            address a4;
        }
        attach {
            zone trust;
        }
    }
    Web {
        address Intranet {
            dns-name www-int.juniper.net;
        }
        attach {
            zone untrust;
        }
    }
    global {
        address g1 2.2.2.2/24;
    }

    If you are done configuring the device, enter commit from configuration mode.
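
A check that can be run over the set commands of this example before committing, written in Python as an added illustration (not Juniper code). It reports address-set members that are not defined in the same address book, address books attached to zones that are not configured, and IP prefixes with host bits set, and it returns the address book each zone ends up using. The function name audit and the wording of the findings are assumptions made for this example.

```python
import ipaddress

# The "set" commands from the quick configuration above (one per line).
CONFIG = """\
set security zones security-zone trust interfaces ge-0/0/0
set security zones security-zone untrust interfaces ge-0/0/1
set security address-book Eng-dept address a1 1.1.1.1
set security address-book Eng-dept address a2 1.1.1.2
set security address-book Eng-dept address a3 1.1.1.3
set security address-book Eng-dept address a4 1.1.1.4
set security address-book Eng-dept address-set sw-eng address a1
set security address-book Eng-dept address-set sw-eng address a2
set security address-book Eng-dept address-set hw-eng address a3
set security address-book Eng-dept address-set hw-eng address a4
set security address-book Eng-dept attach zone trust
set security address-book Web address Intranet dns-name www-int.juniper.net
set security address-book Web attach zone untrust
set security address-book global address g1 2.2.2.2/24
"""

def audit(config):
    """Return ({zone: address book in effect}, [findings]) for set commands."""
    zones, books, attached, findings = set(), {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:4] == ["set", "security", "zones", "security-zone"] and len(t) > 4:
            zones.add(t[4])
        elif t[:3] == ["set", "security", "address-book"] and len(t) >= 7:
            book = books.setdefault(t[3], {"addr": {}, "sets": {}})
            if t[4] == "address":
                book["addr"][t[5]] = t[6]          # IP prefix or "dns-name"
            elif t[4] == "address-set" and t[6] == "address" and len(t) > 7:
                book["sets"].setdefault(t[5], []).append(t[7])
            elif t[4:6] == ["attach", "zone"]:
                attached[t[6]] = t[3]
    for name, book in books.items():
        for aset, members in book["sets"].items():
            for m in (m for m in members if m not in book["addr"]):
                findings.append(f"{name}/{aset}: member {m} is not defined")
        for addr, value in book["addr"].items():
            if value != "dns-name":
                try:                               # strict: reject host bits
                    ipaddress.ip_network(value, strict=True)
                except ValueError as exc:
                    findings.append(f"{name}/{addr}: {exc}")
    for zone in sorted(set(attached) - zones):
        findings.append(f"address book {attached[zone]} attached to unknown zone {zone}")
    # Per the overview, a zone with no attached book falls back to global.
    return {z: attached.get(z, "global") for z in sorted(zones)}, findings
```

For the commands on this page, audit(CONFIG) maps trust to Eng-dept and untrust to Web, and its only finding is the global entry g1, whose prefix 2.2.2.2/24 has host bits set; confirm whether a single host or the whole subnet is intended before referencing g1 in a policy.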

    Verification

    Confirm that the configuration is working properly.

    Verifying Address Book Configuration

    Purpose

    Display information about configured address books and addresses.

    Action

    From configuration mode, enter the show security address-book command.

    Verifying Global Address Book Configuration

    Purpose

    Display information about configured addresses in the global address book.

    Action

    From configuration mode, enter the show security address-book global command.

    Meaning

    Published: 2012-06-29