Hi,
That is what I'm doing so far. But what a I want is to use nested groups of prefixes like we have in the srx.
Example
SYSLOG-SOURCES
|-> SYSLOG-NYC (inside tis group, defined 3 prefixes)
|-> SYSLOG-LAX (inside tis group, we declare 5 prefixes)
So we can have something like this:
set firewall family inet filter TERM1 term IN-Allow-SYSLOG from destination-address 148.64.56.88/32
set firewall family inet filter TERM1 term IN-Allow-SYSLOG from source-prefix-list SYSLOG-SOURCES
set firewall family inet filter TERM1 term IN-Allow-SYSLOG from protocol udp
set firewall family inet filter TERM1 term IN-Allow-SYSLOG from destination-port 514
set firewall family inet filter TERM1 term IN-Allow-SYSLOG then accept