security { zones { security-zone WLC_net { replace: address-book { address NDN_TUG_WLC_NET_0 109.105.104.16/28; address-set NDN_TUG_WLC_NET { address NDN_TUG_WLC_NET_0; } } } security-zone NORDUnet_nets { replace: address-book { address NORDUNET_AGGREGATE_0 109.105.96.0/19; address NORDUNET_AGGREGATE_1 193.10.252.0/24; address NORDUNET_AGGREGATE_2 193.10.254.0/24; address NORDUNET_AGGREGATE_3 193.11.3.0/24; address NORDUNET_AGGREGATE_4 194.68.13.0/24; address SUNET_AP_STATICS_0 130.242.82.30/32; address SUNET_AP_STATICS_1 130.242.121.137/32; address-set NORDUNET_AGGREGATE { address NORDUNET_AGGREGATE_0; address NORDUNET_AGGREGATE_1; address NORDUNET_AGGREGATE_2; address NORDUNET_AGGREGATE_3; address NORDUNET_AGGREGATE_4; } address-set SUNET_AP_STATICS { address SUNET_AP_STATICS_0; address SUNET_AP_STATICS_1; } } } } replace: policies { /* $Id: ./filters/sample_tug_wlc_fw.srx $ $Date: 2015/03/26 $ */ from-zone NORDUnet_nets to-zone WLC_net { policy permit-icmp { match { source-address any; destination-address [ NDN_TUG_WLC_NET ]; application permit-icmp-app; } then { permit; } } policy permit-traceroute { match { source-address any; destination-address [ NDN_TUG_WLC_NET ]; application permit-traceroute-app; } then { permit; } } policy permit-NORDUnet { match { source-address [ NORDUNET_AGGREGATE SUNET_AP_STATICS ]; destination-address [ NDN_TUG_WLC_NET ]; application any; } then { permit; } } policy default-deny { match { source-address any; destination-address any; application any; } then { deny; } } } } } replace: applications { application-set permit-icmp-app { application permit-icmp-app1; } application permit-icmp-app1 { term t1 protocol icmp; } application-set permit-traceroute-app { application permit-traceroute-app1; } application permit-traceroute-app1 { term t1 protocol udp destination-port 33434-33534; } }