Example: Configuring Address Books

This example describes how to configure address books and address sets for a zone.

Requirements

Before you begin, configure the zones required in this example. See Example: Creating Security Zones.

Overview

In this example, you configure addresses and address sets for address books in the IntranetGREEN zone. This zone contains servers that belong to the same subnet. You can add individual addresses for the servers to the zone address list to accommodate users with access rights to one server but not the other. You can also add an address set to combine the servers into a single addressable entity.

Configuration

CLI Quick Configuration

To quickly configure address book entries for the IntranetGREEN zone, copy the following commands and paste them into the CLI.

[edit]set security zones security-zone IntranetGREEN address-book address G1 10.1.10.0/24set security zones security-zone IntranetGREEN address-book address G2 192.168.0.0/16 set security zones security-zone IntranetGREEN address-book address-set SerAll address G1 set security zones security-zone IntranetGREEN address-book address-set SerAll address G2

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For instructions on how to do that, see Using the CLI Editor in Configuration Mode.

To configure address book entries:

  1. Create a security zone.
    [edit]user@host# set security zones security-zone IntranetGREEN
  2. Create an address book and assign an address entry.
    [edit security zones security-zone IntranetGREEN]user@host# set address-book address G1 10.1.10.0/24
  3. Create another address book and assign an address entry.
    [edit security zones security-zone IntranetGREEN]user@host# set address-book address G2 192.168.0.0/16
  4. Configure an address set for all of the entries in Step 2.
    [edit security zones security-zone IntranetGREEN]user@host# set address-book address-set serAll address G1
  5. Configure another address set for the entries in Step 3.
    [edit security zones security-zone IntranetGREEN]user@host# set address-book address-set serAll address G2

Results

From configuration mode, confirm your configuration by entering the show security zones security-zone IntranetGREEN command. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.

[edit][user@host]show security zones security-zone IntranetGREENaddress-book {address G1 10.1.10.0/24;address G2 192.168.0.0/16;address-set serAll {address G1;address G2;}}

If you are done configuring the device, enter commit from configuration mode.

Verification

To confirm that the configuration is working properly, perform this task:

Verifying the Address book Entries

Purpose

Verify the list of address book entries currently configured in the device.

Action

From operational mode, enter the show security zones command.

Related Topics

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.