• Status: Solved

specify a range of addresses in SSG140 (Screen OS 6.0.0r5.0 (Firewall+VPN))

I want to have a policy defined for ranges of IP addresses (192.168.0.1-192.168.0.99 and 192.168.2.41-192.168.2.99) in SSG140, from trust to untrust. But the problem is that I am not able to define these ranges of IPs in Policy > Policy Elements > Addresses > List. I am able to define a single IP or a domain name. Can anyone tell me how to do it (from the web UI, not the CLI)?

Asked: Zacharia Kurian
 
dpk_wal Commented:
I do not think what you wish to do is possible; you can define either a single IP [add all of them one-by-one really a bad solution] or IP/subnet [you would need to make sure that the subnet is big enough to cover all the IP addresses and there is no overlap] and then use the address object or address object group in the policy.

The other option is to create policy-based routing and, in an access list, add a wildcard which would take care of the IP addresses you wish to put.
Currently you cannot put the wildcard in a policy; it has to be through policy-based routing [configured in the virtual router, along with an extended access list, action and match groups, policy and policy binding].

Please let me know if you need more details.

Thank you.
 
Zacharia Kurian (Administrator - Data Center & Network, Author) Commented:
After contacting Juniper, I am convinced that I cannot assign a range of IPs. So I would like to close this question.
 
dpk_wal Commented:
Sorry that the device currently does not support what you wish to implement in an easy way.
 
Zacharia Kurian (Administrator - Data Center & Network, Author) Commented:
I have already posted my answer, which I got from Juniper, and I requested to close it.
 
dpk_wal Commented:
I think the solution is what I had suggested as well, comment ID: 21864996.
 
Zacharia Kurian (Administrator - Data Center & Network, Author) Commented:
When I requested to close this question in event ID: 22210609, no objection was raised. So how come now? Recently Juniper mentioned that they are working on the problem I mentioned (they consider it a needed feature in the coming Screen OS versions). So where am I?
 
dpk_wal Commented:
In my comment I had mentioned "I do not think what you wish to do is possible" and then also possible workarounds for the problem.

So, I think a solution which was technically correct was offered for the problem; don't think that this question should be deleted.

Thank you.
Question has a verified solution.
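
The IP/subnet workaround from the accepted answer can be made exact by splitting each range into the smallest set of CIDR blocks that cover it and nothing more, so the policy does not admit hosts outside the requested ranges. The Python below is an added example, not part of the original thread; the function names are illustrative, and it assumes each printed IP/netmask pair is entered as its own address object and the objects are then grouped for use in the policy.

```python
import ipaddress

# The two ranges from the question.
RANGES = [
    ("192.168.0.1", "192.168.0.99"),
    ("192.168.2.41", "192.168.2.99"),
]

def exact_blocks(first, last):
    """Smallest list of CIDR blocks covering first..last and nothing else."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def covering_subnet(first, last):
    """Smallest single subnet that contains the whole range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    net = ipaddress.ip_network(f"{lo}/32")
    while hi not in net:
        net = net.supernet()  # widen by one prefix bit at a time
    return net

def extra_addresses(first, last):
    """Addresses a single covering subnet admits beyond the requested range."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    wanted = int(hi) - int(lo) + 1
    return covering_subnet(first, last).num_addresses - wanted

if __name__ == "__main__":
    for first, last in RANGES:
        print(f"{first}-{last}: single subnet {covering_subnet(first, last)} "
              f"would admit {extra_addresses(first, last)} unintended addresses")
        for net in exact_blocks(first, last):
            # IP address and netmask for one address object
            print(f"  {net.network_address} {net.netmask}")
```

For the ranges in the question this yields 8 and 6 address objects respectively, against the 158 single-host entries that adding every IP one by one would need.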
