Re: J2320 - V12.4 BGP And Firewall Setup

hi,

Still no joy, appears that source IPs are being ignored and the global deny policy then denies those connections coming in. What is odd is that we can see two to three devices connect fine from each remote site but any additional devices are then denied.

Config as follows:

## Last commit: 2017-09-25 19:52:15 BST by root
version 12.1X44-D40.2;
system {
host-name DC-MPLS-01;
time-zone Europe/London;
root-authentication {
encrypted-password 
}
name-server {
192.168.50.80;
192.168.50.81;
192.168.50.89;
}
login {
user administrator {
uid 2000;
class super-user;
authentication {
encrypted-password 
}
}
}
services {
ssh;
telnet;
web-management {
http;
}
}
syslog {
file policy_session {
user info;
match RT_FLOW;
archive size 1000k world-readable;
structured-data;
}
}
}
interfaces {
ge-0/0/0 {
unit 0 {
description "LAN HQ";
family inet {
address 192.168.50.4/22;
}
}
}
ge-0/0/2 {
description "WAN MPLS";
unit 0 {
family inet {
address 172.0.0.6/30;
}
}
}
ge-0/0/3 {
description "SWITCHING LAN";
unit 0 {
family inet {
address 10.1.1.1/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 172.0.0.6/32;
}
}
}
}
snmp {
name "MPLS DC";
description "MPLS DC";
location DC;
client-list client {
192.168.48.0/22;
}
community public {
authorization read-only;
client-list-name client;
}
trap-group "MPLS Traps" {
destination-port 155;
targets {
192.168.50.127;
}
}
}
routing-options {
static {
route 0.0.0.0/0 next-hop 192.168.50.4;
route 172.0.2.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.4.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.6.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.8.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.10.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.12.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.14.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.16.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.18.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.20.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.22.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.24.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.26.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.28.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.32.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.34.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.36.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.38.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.40.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.42.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.44.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.46.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.48.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.50.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.52.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.54.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.56.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.58.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.60.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.64.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.68.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.70.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.72.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.76.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.78.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.80.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.84.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.86.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.88.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.90.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.92.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.94.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.104.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.108.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.112.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.114.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.116.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.118.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.120.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.122.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.124.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.126.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.128.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.130.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.132.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.134.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.138.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.140.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.142.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.144.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.146.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.148.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.150.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.152.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.154.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.156.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.158.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.160.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.162.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.164.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.166.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.168.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.170.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.172.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.222.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.224.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.226.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.228.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.230.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.234.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.236.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.238.0/23 {
next-hop 192.168.50.250;
preference 250;
}
route 212.67.106.242/32 {
next-hop 192.168.50.250;
preference 250;
}
route 213.216.142.231/32 {
next-hop 192.168.50.250;
preference 250;
}
route 172.0.106.0/23 {
next-hop 192.168.50.250;
preference 10;
}
}
router-id 172.0.0.6;
autonomous-system 65000;
}
protocols {
bgp {
group TRVG {
type external;
description "BT MPLS PEER";
export export-LAN;
peer-as 2856;
neighbor 172.0.0.5 {
local-address 172.0.0.6;
hold-time 90;
}
}
}
}
policy-options {
policy-statement export-LAN {
from {
protocol [ direct local ];
interface ge-0/0/0.0;
}
then accept;
}
policy-statement jweb-policy-default-route {
from {
route-filter 0.0.0.0/0 exact;
}
then accept;
}
policy-statement jweb-policy-direct {
from {
protocol direct;
interface ge-0/0/2.0;
}
then accept;
}
policy-statement jweb-policy-rip {
from protocol rip;
then accept;
}
}
security {
address-book {
TRUSTED-HOSTS {
description TRUSTED-HOSTS;
address CTX-APP01 {
description CTX-APP01;
192.168.50.131/32;
}
address CTX-APP02 {
description CTX-APP02;
192.168.50.132/32;
}
address CTX-APP03 {
description CTX-APP03;
192.168.50.133/32;
}
address CTX-APP04 {
description CTX-APP04;
192.168.50.134/32;
}
address MGMT1 {
description MGMT1;
192.168.50.226/32;
}
address STOREFRONT {
description STOREFRONT;
192.168.50.127/32;
}
address PRINT1 {
description PRINT1;
192.168.50.134/32;
}
address DC1 {
description DC1;
192.168.50.80/32;
}
address DC2 {
description DC2;
192.168.50.81/32;
}
address DC4 {
description DC4;
192.168.50.89/32;
}
address CTX-APP05 {
description CTX-APP05;
192.168.50.135/32;
}
address CTX-APP06 {
description CTX-APP06;
192.168.50.136/32;
}
address CTX-APP07 {
description CTX-APP07;
192.168.50.140/32;
}
address CTX-APP08 {
description CTX-APP08;
192.168.50.141/32;
}
address CTX-APP09 {
description CTX-APP09;
192.168.50.142/32;
}
address CTX-APP10 {
description CTX-APP10;
192.168.50.137/32;
}
address CTX-APP11 {
description CTX-APP11;
192.168.50.138/32;
}
address CTX-APP12 {
description CTX-APP12;
192.168.50.139/32;
}
address CTX-APP14 {
description CTX-APP14;
192.168.50.143/32;
}
address CTX-APP15 {
description CTX-APP15;
192.168.50.144/32;
}
address-set TRUSTED-HOSTS {
description TRUSTED-HOSTS;
address CTX-APP01;
address CTX-APP02;
address CTX-APP03;
address CTX-APP04;
address MGMT1;
address STOREFRONT;
address PRINT1;
address DC1;
address DC2;
address DC4;
address CTX-APP05;
address CTX-APP06;
address CTX-APP07;
address CTX-APP08;
address CTX-APP09;
address CTX-APP10;
address CTX-APP11;
address CTX-APP12;
address CTX-APP14;
address CTX-APP15;
}
attach {
zone Trust;
}
}
UNTRUSTED-HOSTS {
description UNTRUSTED-HOSTS;
address TEST-SITE {
description TEST-SITE;
wildcard-address 172.0.166.0/23;
}
address TEST-SITE-LOOPBACK {
description TEST-SITE-LOOPBACK;
wildcard-address 172.200.166.0/24;
}
address ANCORA {
description ANCORA;
wildcard-address 172.0.156.0/23;
}
address BARR {
description BARR;
wildcard-address 172.0.88.0/23;
}
address BELFAST {
description BELFAST;
wildcard-address 172.0.140.0/23;
}
address BELLSHILL {
description BELLSHILL;
wildcard-address 172.0.142.0/23;
}
address BONESS {
description BONESS;
wildcard-address 172.0.38.0/23;
}
address BRADFORD {
description BRADFORD;
wildcard-address 172.0.228.0/23;
}
address CAMBRIDGE {
description CAMBRIDGE;
wildcard-address 172.0.72.0/23;
}
address DOWNPATRICK {
description DOWNPATRICK;
wildcard-address 172.0.18.0/23;
}
address GALAXY {
description GALAXY;
wildcard-address 172.0.50.0/23;
}
address GLASGOW {
description GLASGOW;
wildcard-address 172.0.48.0/23;
}
address GOTPEOPLE {
description GOTPEOPLE;
wildcard-address 172.0.118.0/23;
}
address HASTINGS {
description HASTINGS;
wildcard-address 172.0.152.0/23;
}
address HUDDERSFIELD {
description HUDDERSFIELD;
wildcard-address 172.0.36.0/23;
}
address HULL {
description HULL;
wildcard-address 172.0.106.0/23;
}
address INSIDERIGHT {
description INSIDERIGHT;
wildcard-address 172.0.146.0/23;
}
address IPSWICH {
description IPSWICH;
wildcard-address 172.0.10.0/23;
}
address KERRYFOODS {
description KERRYFOODS;
wildcard-address 172.0.68.0/23;
}
address KINGSLYNN {
description KINGSLYNN;
wildcard-address 172.0.8.0/23;
}
address LIGA {
description LIGA;
wildcard-address 172.0.138.0/23;
}
address LYONS {
description LYONS;
wildcard-address 172.0.168.0/23;
}
address MAK {
description MAK;
wildcard-address 172.0.86.0/23;
}
address MASSINGHAM {
description MASSINGHAM;
wildcard-address 172.0.90.0/23;
}
address MILTONKEYNES {
description MILTONKEYNES;
wildcard-address 172.0.116.0/23;
}
address NORWICH-NR13QL {
description NORWICH-NR13QL;
wildcard-address 172.0.160.0/23;
}
address NORWICH-NR31AZ {
description NORWICH-NR31AZ;
wildcard-address 172.0.154.0/23;
}
address PEBBLE {
description PEBBLE;
wildcard-address 172.0.26.0/23;
}
address PETERBOROUGH {
description PETERBOROUGH;
wildcard-address 172.0.20.0/23;
}
address READING {
description READING;
wildcard-address 172.0.24.0/23;
}
address RESOLVE {
description RESOLVE;
wildcard-address 172.0.120.0/23;
}
address SENIORSALMON {
description SENIORSALMON;
wildcard-address 172.0.66.0/23;
}
address SOUTHEND {
description SOUTHEND;
wildcard-address 172.0.12.0/23;
}
address STEVENAGE {
description STEVENAGE;
wildcard-address 172.0.16.0/23;
}
address TEACHERHUB-BRISTOL {
description TEACHERHUB-BRISTOL;
wildcard-address 172.0.162.0/23;
}
address TEACHERHUB-WATFORD {
description TEACHERHUB-WATFORD;
wildcard-address 172.0.164.0/23;
}
address TENNIAL {
description TENNIAL;
wildcard-address 172.0.124.0/23;
}
address THORNE {
description THORNE;
wildcard-address 172.0.150.0/23;
}
address TOMLIN {
description TOMLIN;
wildcard-address 172.0.134.0/23;
}
address TOPTEAM {
description TOPTEAM;
wildcard-address 172.0.114.0/23;
}
address TOTTENHAM {
description TOTTENHAM;
wildcard-address 172.0.64.0/23;
}
address UNIVERSAL {
description UNIVERSAL;
wildcard-address 172.0.94.0/23;
}
address VANTA {
description VANTA;
wildcard-address 172.0.170.0/23;
}
address WAKEFIELD {
description WAKEFIELD;
wildcard-address 172.0.70.0/23;
}
address WARRINGTON {
description WARRINGTON;
wildcard-address 172.0.126.0/23;
}
address WHURK {
description WHURK;
wildcard-address 172.0.148.0/23;
}
address WORCESTER {
description WORCESTER;
wildcard-address 172.0.234.0/23;
}
address WORTHING {
description WORTHING;
wildcard-address 172.0.142.0/23;
}
address BELFAST-LOOPBACK {
description BELFAST-LOOPBACK;
wildcard-address 172.200.140.0/23;
}
address BELLSHILL-LOOPBACK {
description BELLSHILL-LOOPBACK;
wildcard-address 172.200.142.0/23;
}
address BONESS-LOOPBACK {
description BONESS-LOOPBACK;
wildcard-address 172.200.38.0/23;
}
address BRADFORD-LOOPBACK {
description BRADFORD-LOOPBACK;
wildcard-address 172.200.228.0/23;
}
address CAMBRIDGE-LOOPBACK {
description CAMBRIDGE-LOOPBACK;
wildcard-address 172.200.72.0/23;
}
address DOWNPATRICK-LOOPBACK {
description DOWNPATRICK-LOOPBACK;
wildcard-address 172.200.18.0/23;
}
address GALAXY-LOOPBACK {
description GALAXY-LOOPBACK;
wildcard-address 172.200.50.0/23;
}
address GLASGOW-LOOPBACK {
description GLASGOW-LOOPBACK;
wildcard-address 172.200.48.0/23;
}
address GOTPEOPLE-LOOPBACK {
description GOTPEOPLE-LOOPBACK;
wildcard-address 172.200.118.0/23;
}
address HASTINGS-LOOPBACK {
description HASTINGS-LOOPBACK;
wildcard-address 172.200.152.0/23;
}
address HUDDERSFIELD-LOOPBACK {
description HUDDERSFIELD-LOOPBACK;
wildcard-address 172.200.36.0/23;
}
address HULL-LOOPBACK {
description HULL-LOOPBACK;
wildcard-address 172.200.106.0/23;
}
address INSIDERIGHT-LOOPBACK {
description INSIDERIGHT-LOOPBACK;
wildcard-address 172.200.146.0/23;
}
address IPSWICH-LOOPBACK {
description IPSWICH-LOOPBACK;
wildcard-address 172.200.10.0/23;
}
address KERRYFOODS-LOOPBACK {
description KERRYFOODS-LOOPBACK;
wildcard-address 172.200.68.0/23;
}
address KINGSLYNN-LOOPBACK {
description KINGSLYNN-LOOPBACK;
wildcard-address 172.200.8.0/23;
}
address LIGA-LOOPBACK {
description LIGA-LOOPBACK;
wildcard-address 172.200.138.0/23;
}
address LYONS-LOOPBACK {
description LYONS-LOOPBACK;
wildcard-address 172.200.168.0/23;
}
address MAK-LOOPBACK {
description MAK-LOOPBACK;
wildcard-address 172.200.86.0/23;
}
address MASSINGHAM-LOOPBACK {
description MASSINGHAM-LOOPBACK;
wildcard-address 172.200.90.0/23;
}
address MILTONKEYNES-LOOPBACK {
description MILTONKEYNES-LOOPBACK;
wildcard-address 172.200.116.0/23;
}
address NORWICH-NR13QL-LOOPBACK {
description NORWICH-NR13QL-LOOPBACK;
wildcard-address 172.200.160.0/23;
}
address NORWICH-NR31AZ-LOOPBACK {
description NORWICH-NR31AZ-LOOPBACK;
wildcard-address 172.200.154.0/23;
}
address PEBBLE-LOOPBACK {
description PEBBLE-LOOPBACK;
wildcard-address 172.200.26.0/23;
}
address PETERBOROUGH-LOOPBACK {
description PETERBOROUGH-LOOPBACK;
wildcard-address 172.200.20.0/23;
}
address READING-LOOPBACK {
description READING-LOOPBACK;
wildcard-address 172.200.24.0/23;
}
address RESOLVE-LOOPBACK {
description RESOLVE-LOOPBACK;
wildcard-address 172.200.120.0/23;
}
address SENIORSALMON-LOOPBACK {
description SENIORSALMON-LOOPBACK;
wildcard-address 172.200.66.0/23;
}
address SOUTHEND-LOOPBACK {
description SOUTHEND-LOOPBACK;
wildcard-address 172.200.12.0/23;
}
address STEVENAGE-LOOPBACK {
description STEVENAGE-LOOPBACK;
wildcard-address 172.200.16.0/23;
}
address TEACHERHUB-BRISTOL-LOOPBACK {
description TEACHERHUB-BRISTOL-LOOPBACK;
wildcard-address 172.200.162.0/23;
}
address TEACHERHUB-WATFORD-LOOPBACK {
description TEACHERHUB-WATFORD-LOOPBACK;
wildcard-address 172.200.164.0/23;
}
address TENNIAL-LOOPBACK {
description TENNIAL-LOOPBACK;
wildcard-address 172.200.124.0/23;
}
address THORNE-LOOPBACK {
description THORNE-LOOPBACK;
wildcard-address 172.200.150.0/23;
}
address TOMLIN-LOOPBACK {
description TOMLIN-LOOPBACK;
wildcard-address 172.200.134.0/23;
}
address TOPTEAM-LOOPBACK {
description TOPTEAM-LOOPBACK;
wildcard-address 172.200.114.0/23;
}
address TOTTENHAM-LOOPBACK {
description TOTTENHAM-LOOPBACK;
wildcard-address 172.200.64.0/23;
}
address UNIVERSAL-LOOPBACK {
description UNIVERSAL-LOOPBACK;
wildcard-address 172.200.94.0/23;
}
address VANTA-LOOPBACK {
description VANTA-LOOPBACK;
wildcard-address 172.200.170.0/23;
}
address WAKEFIELD-LOOPBACK {
description WAKEFIELD-LOOPBACK;
wildcard-address 172.200.70.0/23;
}
address WARRINGTON-LOOPBACK {
description WARRINGTON-LOOPBACK;
wildcard-address 172.200.126.0/23;
}
address WHURK-LOOPBACK {
description WHURK-LOOPBACK;
wildcard-address 172.200.148.0/23;
}
address WORCESTER-LOOPBACK {
description WORCESTER-LOOPBACK;
wildcard-address 172.200.234.0/23;
}
address WORTHING-LOOPBACK {
description WORTHING-LOOPBACK;
wildcard-address 172.200.142.0/23;
}
address-set DEREHAM-LAB {
description DEREHAM-LAB;
address TEST-SITE;
address TEST-SITE-LOOPBACK;
}
attach {
zone UnTrust;
}
}
}
policies {
from-zone Trust to-zone UnTrust {
policy Trust-Untrust {
description Trust-Untrust;
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
log {
session-init;
session-close;
}
count;
}
}
}
from-zone UnTrust to-zone Trust {
policy UNTRUST-TRUST-BRANCHES {
description UNTRUST-TRUST-BRANCHES;
match {
source-address any;
destination-address TRUSTED-HOSTS;
application BRANCH-PORTS;
}
then {
permit;
log {
session-init;
session-close;
}
count;
}
}
}
global {
policy default-deny {
match {
source-address any;
destination-address any;
application any;
}
then {
deny;
log {
session-init;
session-close;
}
}
}
}
default-policy {
deny-all;
}
}
zones {
security-zone Trust {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
lo0.0 {
host-inbound-traffic {
system-services {
all;
}
protocols {
all;
}
}
}
}
}
security-zone UnTrust {
host-inbound-traffic {
protocols {
bgp;
}
}
interfaces {
ge-0/0/2.0 {
host-inbound-traffic {
protocols {
bgp;
}
}
}
}
}
}
}
applications {
application VNC {
protocol tcp;
destination-port 5900;
description VNC;
}
application Terminal_Citrix_1494 {
protocol tcp;
destination-port 1494;
description Terminal_Citrix_1494;
}
application Terminal_Citrix_1604 {
protocol tcp;
destination-port 1604;
description Terminal_Citrix_1604;
}
application Terminal_Citrix_2598 {
protocol tcp;
destination-port 2598;
description Terminal_Citrix_2598;
}
application Terminal_Citrix_2512 {
protocol tcp;
destination-port 2512;
description Terminal_Citrix_2512;
}
application Terminal_Citrix_2513 {
protocol tcp;
destination-port 2513;
description Terminal_Citrix_2513;
}
application Terminal_Management_30001-30005 {
protocol tcp;
destination-port 30001-30005;
description Terminal_Management_30001-30005;
}
application Terminal_Management_9080 {
protocol tcp;
destination-port 9080;
description Terminal_Management_9080;
}
application Terminal_Management_33751 {
protocol tcp;
destination-port 33751;
description Terminal_Management_33751;
}
application Terminal_Management_39107 {
protocol tcp;
destination-port 39107;
description Terminal_Management_39107;
}
application Terminal_Management_44383 {
protocol tcp;
destination-port 44383;
description Terminal_Management_44383;
}
application Terminal_Management_30001-30005-UDP {
protocol udp;
destination-port 30001-30005;
description Terminal_Management_30001-30005-UDP;
}
application Zyxel-HTTPS {
protocol tcp;
destination-port 444;
description Zyxel-HTTPS;
}
application-set BRANCH-PORTS {
description BRANCH-PORTS;
application Terminal_Citrix_1494;
application Terminal_Citrix_1604;
application Terminal_Citrix_2598;
application Terminal_Citrix_2512;
application Terminal_Citrix_2513;
application Terminal_Management_30001-30005;
application Terminal_Management_9080;
application Terminal_Management_33751;
application Terminal_Management_39107;
application Terminal_Management_44383;
application Terminal_Management_30001-30005-UDP;
application Zyxel-HTTPS;
application junos-smtp;
application junos-dns-udp;
application junos-dns-tcp;
application junos-http;
application junos-https;
}
}