You may look at "global policies" on the SRX. It may simplify your configuration (if I'm understanding you correctly.) Patrick
________________________________ From: Shombra Shombra <shom...@shombra.com.br> To: juniper-nsp@puck.nether.net Sent: Thursday, August 9, 2012 8:40 AM Subject: [j-nsp] Configuring policies on SRX Cluster Hello, First sorry for my english. I have many clients, one client and services per VLAN. On SRX I try to configure 7 clients and 3 services and 1 WAN, who some client and service has one VLAN and one ZONE. eg: Clients: Client 1 - VLAN 10 - Zone v10-Client-1 Client 2 - VLAN 20 - Zone v20-Client-2 Client 3 - VLAN 30 - Zone v30-Client-3 .... Client 6 - VLAN 60 - Zone v60-Client-6 Client 7 - VLAN 70 - Zone v70-Client-7 and Services: E-mail - VLAN 100 zone v100-EMAIL DNS - VLAN 200 - zone v200-DNS WEB - VLAN 300 - zone v300-WEB and WAN - reth1.0 - zone WAN if some client need access my e-mail i have to create a policy from v10-Client-1 to v100-EMAIL , if Client-2 need share the e-mail port to the word, I need open 25 for WAN, but if Client-3 have to send a e-mail for Client-2 i need create a policy from zone v30-Client-3 to zone v20-Client-2. if I have 1000 clients, this policies had became a mess. Someone has a solution for my policies to do not get messy? Best regards Carlos A. Bernardi F. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
