policy to limit access from untrust zone

New Contributor

Dear All,

I hope you are well.

I have configured my UTM, a Juniper SSG 20, to permit access from the untrust zone by only one IP address, but it doesn't work. I have configured the UTM as follows:

Source : IP addr from untrust zone

Dest : IP addr of UTM untrust interface

Service : https

etc.

After this configuration, all IP addresses from untrust can get access to the UTM.

I need your help to limit access to only the one IP address from the untrust zone.

Note that I have no other policies from the untrust zone to the trust zone.

Thanks

6 REPLIES
New Contributor

Re: policy to limit access from untrust zone

No update, please?

Valued Contributor

Re: policy to limit access from untrust zone

Please share your config.

New Contributor

Re: policy to limit access from untrust zone

See my config in the attachment.

New Contributor

Re: policy to limit access from untrust zone

display.jpg

Valued Contributor

Re: policy to limit access from untrust zone

That is not your config. It is a screenshot of one line of your policies.

Super Contributor

Re: policy to limit access from untrust zone

Your description is not clear to me. But I think you are trying to restrict access to the SSG web management interface on the untrust zone to a specific IP address.

If this is the case, you would be using the manager-ip function and not security policies.

But manager-ip applies to all interfaces on the device that are enabled for management access, regardless of zone. So in addition to adding your outside address, you would also need to add the inside network addresses that need management access on the trust interfaces.

And remember to add the network segment you are currently connected from FIRST, as these restrictions take effect immediately and would otherwise cut off your access.

Web UI:

Configuration--Admin--Permitted IPs

CLI:

set admin manager-ip 192.168.0.0 255.255.0.0

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home
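
The lockout caveat in the reply above can be checked before any command is typed. The following is an added example, not part of the original thread: a pre-flight check over a planned list of `set admin manager-ip` commands. The helper names, the 203.0.113.10 outside address and the 192.168.1.50 session address are constructed for illustration.

```python
import ipaddress

def parse_manager_ips(commands):
    """Return the networks named by 'set admin manager-ip <addr> <mask>' lines, in order."""
    nets = []
    for line in commands.splitlines():
        parts = line.split()
        if parts[:3] != ["set", "admin", "manager-ip"]:
            continue  # ignore unrelated lines in the plan
        if len(parts) != 5:
            raise ValueError(f"expected address and netmask: {line!r}")
        # strict=False tolerates host bits set in the address part
        nets.append(ipaddress.ip_network(f"{parts[3]}/{parts[4]}", strict=False))
    return nets

def preflight(commands, current_session_ip, required_ips):
    """List the problems that would lock an administrator out; empty means safe."""
    nets = parse_manager_ips(commands)
    me = ipaddress.ip_address(current_session_ip)
    problems = []
    if not nets:
        problems.append("no manager-ip entries in plan")
    elif me not in nets[0]:
        # The restriction applies immediately, so the first entry must cover
        # the address this management session is coming from.
        problems.append(f"first entry {nets[0]} does not cover current session {me}")
    for ip in required_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in n for n in nets):
            problems.append(f"{addr} would lose management access")
    return problems

# Constructed plans: inside segment first, then the single outside host.
GOOD_PLAN = """set admin manager-ip 192.168.0.0 255.255.0.0
set admin manager-ip 203.0.113.10 255.255.255.255"""
# Constructed plan that only lists the outside host.
BAD_PLAN = "set admin manager-ip 203.0.113.10 255.255.255.255"

if __name__ == "__main__":
    needed = ["192.168.1.50", "203.0.113.10"]
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, preflight(plan, "192.168.1.50", needed) or "ok")
```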