Matching Policy Script

This is a script for testing policies on an SRX, a feature known as Matching Policies.

First, you need to download the script from this link

Or from this link


library/juniper/op/display/policy-test/policy-test-V2.slax

Upload the file via WinSCP to the SRX, into the path: /var/db/scripts/op

Run this command:

FW1# set system scripts op file policy-test-V2.slax command test-policy

commit and-quit


What the command means: to run the script policy-test-V2.slax, use the “test-policy” command after the “op” command.


For illustration, I ran the command op test-policy destination-address 8.8.8.8

admin@Soda-FW1> op test-policy destination-address 8.8.8.8
From-Zone       To-Zone         Name                      Src-Addr                  Dst-Addr                  Application     Action
trust-il        untrust-il      331                       il_lehavim_10.10.69.110(  any-ipv4(global)          any             permit
                                                          IL_Blackbery(global)      any-ipv6(global)
trust-il        untrust-il      145                       any-ipv4(global)          any-ipv4(global)          junos-dns-tcp   permit
                                                          any-ipv6(global)          any-ipv6(global)          junos-dns-udp
                                                                                                              junos-ftp
                                                                                                              junos-http
                                                                                                              http-8080
                                                                                                              junos-https
                                                                                                              pineapp3
                                                                                                              Proxy_8081
                                                                                                              Proxy_8082
                                                                                                              junos-icmp-all
                                                                                                              Remote-Desktop
                                                                                                              TCP_5001
trust-il        untrust-il      141                       il-host-192.118.20.26(gl  any-ipv4(global)          junos-https     permit
                                                                                    any-ipv6(global)          junos-smtp
                                                                                                              junos-http
trust-il        untrust-il      99                        IL_LAN_1(global)          any-ipv4(global)          junos-ssh       permit
                                                          il-mishor-net(global)     any-ipv6(global)
                                                          il-ashkelon(global)
trust-il        untrust-il      19                        IL-Kst-DC01(global)       any-ipv4(global)          NTP-ALL         permit
                                                                                    any-ipv6(global)
trust-il        untrust-il      153                       192.118.20.182(global)    any-ipv4(global)          junos-smtp      permit
                                                          il-kst-mail01(global)     any-ipv6(global)
                                                          il-kst-ex2010(global)
                                                          Ecommerce_Dev_Server(glo
trust-il        untrust-il      154                       net_10_10_62(global)      any-ipv4(global)          junos-http      permit
                                                                                    any-ipv6(global)          junos-https
                                                                                                              junos-icmp-all
trust-il        untrust-il      293                       Camera_server(global)     any-ipv4(global)          TCP_192         permit
                                                                                    any-ipv6(global)          TCP_389
trust-il        untrust-il      294                       Camera_UVCAC(global)      any-ipv4(global)          udp_1719        permit
                                                                                    any-ipv6(global)          udp_1718
trust-il        untrust-il      295                       uvc_mp(global)            any-ipv4(global)          any             permit
                                                          Camera_server(global)     any-ipv6(global)
                                                          Camera_UVCAC(global)
trust-il        untrust-il      ToGmail                   Net_10.10.66(global)      any-ipv4(global)          Gmail_port      permit
                                                                                    any-ipv6(global)
dmz-il          untrust-il      68                        Vcenter-dmz(global)       any-ipv4(global)          any             permit
                                                          Masofonim_Server_DMZ(glo  any-ipv6(global)
dmz-il          untrust-il      71                        Masofonim_Server_DMZ(glo  any-ipv4(global)          GPRS            permit
                                                                                    any-ipv6(global)
dmz-il          untrust-il      48                        Pineapp(global)           any-ipv4(global)          junos-dns-tcp   permit
                                                                                    any-ipv6(global)          junos-dns-udp
                                                                                                              junos-http
dmz-il          untrust-il      80                        il_ssl(global)            any-ipv4(global)          junos-http      permit
                                                                                    any-ipv6(global)          junos-https
dmz-il          untrust-il      TED_TEST                  il_isa(global)            any-ipv4(global)          junos-https     permit
                                                                                    any-ipv6(global)
dmz-il          untrust-il      junosSpace                JunosSpace_Self(global)   any-ipv4(global)          junos-http      permit
                                                          JunosSpace_WEB(global)    any-ipv6(global)          junos-https
                                                                                                              junos-icmp-all
                                                                                                              junos-ftp
                                                                                                              junos-dns-tcp
                                                                                                              junos-dns-udp
                                                                                                              junos-ssh
dmz-il          untrust-il      STRM                      STRM(global)              any-ipv4(global)          junos-http      permit
                                                                                    any-ipv6(global)          junos-https
                                                                                                              junos-ftp
                                                                                                              junos-ssh
                                                                                                              junos-dns-udp
                                                                                                              junos-dns-tcp
dmz-il          untrust-il      Test_mendi-to-int         Test-Mendi(global)        any-ipv4(global)          any             permit
                                                                                    any-ipv6(global)

{primary:node0}
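
The table is easier to audit once the continuation rows are folded back into the policy they belong to. The following Python sketch is an added example, not part of the original post or of policy-test-V2.slax; it assumes the output is fixed-width with continuation rows indented under the column they extend, and the function names are hypothetical.

```python
import re

def parse_policy_table(text):
    """Fold the script's fixed-width table into one dict per policy."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # Column boundaries come from the header row, not hard-coded widths.
    starts = [m.start() for m in re.finditer(r"\S+", lines[0])]
    ends = starts[1:] + [None]
    policies = []
    for ln in lines[1:]:
        if ln.startswith("{"):  # cluster banner such as {primary:node0}
            continue
        zone_from, zone_to, name, src, dst, app, action = (
            ln[s:e].strip() for s, e in zip(starts, ends))
        if zone_from:  # a non-empty From-Zone cell starts a new policy
            policies.append({"from": zone_from, "to": zone_to, "name": name,
                             "src": [], "dst": [], "apps": [], "action": action})
        elif not policies:
            raise ValueError("continuation row before any policy row")
        # Continuation rows only fill the columns they extend.
        for key, cell in (("src", src), ("dst", dst), ("apps", app)):
            if cell:
                policies[-1][key].append(cell)
    return policies

def any_application_permits(policies):
    """Names of permit policies whose application list contains 'any'."""
    return [p["name"] for p in policies
            if p["action"] == "permit" and "any" in p["apps"]]

# Constructed sample: rows from the output above, padded to the header's
# column widths (assumed layout; continuation rows sit under their column).
FMT = "{:<16}{:<16}{:<26}{:<26}{:<26}{:<16}{}"
ROWS = [
    ("From-Zone", "To-Zone", "Name", "Src-Addr", "Dst-Addr", "Application", "Action"),
    ("trust-il", "untrust-il", "331", "il_lehavim_10.10.69.110(", "any-ipv4(global)", "any", "permit"),
    ("", "", "", "IL_Blackbery(global)", "any-ipv6(global)", "", ""),
    ("trust-il", "untrust-il", "154", "net_10_10_62(global)", "any-ipv4(global)", "junos-http", "permit"),
    ("", "", "", "", "any-ipv6(global)", "junos-https", ""),
    ("", "", "", "", "", "junos-icmp-all", ""),
    ("trust-il", "untrust-il", "295", "uvc_mp(global)", "any-ipv4(global)", "any", "permit"),
    ("", "", "", "Camera_server(global)", "any-ipv6(global)", "", ""),
    ("", "", "", "Camera_UVCAC(global)", "", "", ""),
]
SAMPLE = "\n".join(FMT.format(*r).rstrip() for r in ROWS) + "\n\n{primary:node0}\n"

if __name__ == "__main__":
    print("permit with application any:",
          any_application_permits(parse_policy_table(SAMPLE)))
```

Permit policies whose application is any are the natural first candidates for review when checking what can reach a given destination.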

 
