If you’re using JunOS 11.4 or later on a branch SRX, there is global policy support now.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB28109

Regards,
Andrew Jones

From: Muhammad Atif Jauhar<mailto:atif.jau...@gmail.com>
Sent: Sunday, February 9, 2014 11:23 PM
To: juniper-nsp@puck.nether.net<mailto:juniper-nsp@puck.nether.net>

Hi,

I am migrating a Netscreen to an SRX firewall. I am facing an issue migrating the configuration of the Global Policy. In Netscreen we have a few policies from (Specific Zone) to Global Zone.

    set policy id 100 from "Trust" to "Global" "x.x.x.x" "Any-IPv4" "HTTP" permit log
    set policy id 100
    set service "HTTPS"
    exit

I have configured the same in SRX under the GROUP hierarchy.

    groups {
        node0 {
            security {
                policies {
                    from-zone Trust to-zone <*> {
                        policy test {
                            match {
                                source-address x.x.x.x;
                                destination-address any;
                                application [junos-http junos-https];
                            }
                            then {
                                permit;
                            }
                        }
                    }
                }
            }
        }
        node1 {
            security {
                policies {
                    from-zone Trust to-zone <*> {
                        policy test {
                            match {
                                source-address x.x.x.x;
                                destination-address any;
                                application [junos-http junos-https];
                            }
                            then {
                                permit;
                            }
                        }
                    }
                }
            }
        }
    }
    apply-groups "${node}";

Similarly, I have a few more policies from different specific zones to Global.

My question is whether I have migrated this part correctly or not. If this is not correct, kindly let me know the correct way to configure this similar to the Netscreen policy.

Regards,
Muhammad Atif Jauhar
(+966-56-00-04-985)
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp