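! Cisco ASA half of the example: network object-groups plus the two ACLs.
! Reviewer notes (not verified on a device):
!  - "network-object host" takes exactly one address. The original lines wrote
!    "host 10.1.1.11/24", which the ASA rejects; a real /24 would have to be
!    "network-object 10.1.1.0 255.255.255.0" and would match the whole subnet.
!    Single hosts are kept here, which is what the "host" keyword implies and
!    what the ASA-side ACL semantics below rely on.
object-group network webservers
 network-object host 10.1.1.11
 network-object host 10.1.1.12
 network-object host 10.1.1.13
object-group network dmzservers
 network-object host 10.1.1.11
object-group network portalservers
 network-object host 10.1.1.11
! NOTE(review): "adservers" is referenced by acl_inside line 2 but is not
! defined anywhere in this gist; an ACE naming an unknown object-group is
! rejected. Define it (and decide its members) before applying.
!
! acl_inside: DMZ -> inside. ACEs are written in the documented form
! "extended permit <proto> <src> <dst> [ports]". The original lines carried a
! stray trailing "any" and two entries both tagged "line 1" (the second
! "line 1" would be inserted ahead of the first, not appended), so the ICMP
! entry is renumbered to line 3.
access-list acl_inside line 1 extended permit ip object-group webservers 192.168.50.0 255.255.255.0
access-list acl_inside line 2 extended permit ip object-group dmzservers object-group adservers
! ICMP has no ports, so "eq www" cannot apply to it. The matching Junos policy
! (any -> SERVER1, junos-icmp) suggests plain ICMP to the single host was meant.
access-list acl_inside line 3 extended permit icmp any host 10.1.1.11
! acl_dmz: HTTP from anywhere to the portal servers only. "eq www" requires a
! TCP (or UDP) ACE; "permit any any ... 10.1.1.11/24 eq www" is not valid syntax.
access-list acl_dmz line 1 extended permit tcp any object-group portalservers eq www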
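/* Junos SRX half of the example: global address book and the zone policies
   that mirror the ASA object-groups/ACLs. Written in canonical nested form so
   it can be loaded with "load merge". */
security {
    address-book {
        global {
            /*
             * Single hosts, so /32. The original wrote 10.1.1.11/24; with a
             * /24 mask that entry is the 10.1.1.0/24 prefix, so every policy
             * below that names SERVER1 (directly or via portalservers /
             * dmzservers) would match the whole DMZ subnet rather than one
             * server. The ASA side uses "host", so a single address is meant.
             */
            address SERVER1 10.1.1.11/32;
            /* SERVER2 and SERVER3 are members of the webservers set below but
               were never defined; the addresses are taken from the ASA
               webservers object-group. */
            address SERVER2 10.1.1.12/32;
            address SERVER3 10.1.1.13/32;
            /* Was "inside-hostys" and lacked the terminating ';'; the
               DMZ -> TRUST policy refers to inside-hosts. */
            address inside-hosts 192.168.50.0/24;
            address-set portalservers {
                address SERVER1;
            }
            address-set dmzservers {
                address SERVER1;
            }
            address-set webservers {
                address SERVER1;
                address SERVER2;
                address SERVER3;
            }
            /* NOTE(review): "adservers" is used by DMZ -> TRUST policy 2 but
               is not defined anywhere in this gist (neither here nor on the
               ASA side). The commit will fail until it is defined. */
        }
    }
    policies {
        /* Mirrors acl_inside. "application any" is the faithful translation
           of the ASA "permit ip" ACEs; consider narrowing to the services
           actually needed once they are known. */
        from-zone DMZ to-zone TRUST {
            policy 1 {
                match {
                    source-address webservers;
                    destination-address inside-hosts;
                    application any;
                }
                then {
                    permit;
                }
            }
            policy 2 {
                match {
                    source-address dmzservers;
                    destination-address adservers;
                    application any;
                }
                then {
                    permit;
                }
            }
        }
        /* Mirrors acl_dmz: only ICMP and HTTP from outside, and only to the
           portal host(s). Keeping SERVER1 a /32 is what makes this narrow. */
        from-zone UNTRUST to-zone DMZ {
            policy 1 {
                match {
                    source-address any;
                    destination-address SERVER1;
                    application junos-icmp;
                }
                then {
                    permit;
                }
            }
            policy 2 {
                match {
                    source-address any;
                    destination-address portalservers;
                    application junos-http;
                }
                then {
                    permit;
                }
            }
        }
    }
}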