Example NSM service templates
NSM service designers can use the following example NSM service templates as models for creating their own NSM service templates.
Example NSM service template for a VLAN service
The following example NSM service template manages VLAN routing on a Cisco router.
<!-- NSM service template for VLAN routing on Cisco routers.
     CREATE and DELETE each name two ITNCM command sets, numbered by the order attribute. -->
<serviceTemplate name="VLAN Routing" description="Create VLAN and add Vlan Routing for a Cisco Router">
  <!-- Client-supplied values. Only a name and a description are declared for each one,
       with no type or range, so values should be validated before they are handed to
       the command sets. -->
  <clientParameters>
    <clientParameter>
      <name>VLAN_NUMBER</name>
      <description>The VLAN number to create</description>
    </clientParameter>
    <clientParameter>
      <name>ACCESS_VLAN_IP</name>
      <description>The Access IP address for the new VLAN</description>
    </clientParameter>
    <clientParameter>
      <name>SVI_IP</name>
      <description>The Switch Virtual Interface IP</description>
    </clientParameter>
    <clientParameter>
      <name>SVI_SUBNET</name>
      <description>The Switch Virtual Interface IP's sub Network</description>
    </clientParameter>
  </clientParameters>
  <implementations>
    <implementation description="Implementation Rule which covers all Cisco Routers">
      <!-- Device match: vendor Cisco, type Router. Model and OS are ".*"
           (presumably match-any patterns; confirm against the rule syntax). -->
      <rules>
        <rule type="DeviceType">
          <ruleProperty name="Vendor" value="Cisco"/>
          <ruleProperty name="Type" value="Router"/>
          <ruleProperty name="Model" value=".*"/>
          <ruleProperty name="OS" value=".*"/>
        </rule>
      </rules>
      <serviceOperations>
        <!-- CREATE: add the access port first, then the routing. -->
        <serviceOperation type="CREATE">
          <operations>
            <operation name="ITNCM/ADD_VLAN_ACCESS_PORT" type="COMMANDSET" order="1">
              <parameters>
                <parameter name="VLAN_NUMBER"/>
                <parameter name="ACCESS_VLAN_IP"/>
              </parameters>
            </operation>
            <operation name="ITNCM/ADD_VLAN_ROUTING" type="COMMANDSET" order="2">
              <parameters>
                <parameter name="VLAN_NUMBER"/>
                <parameter name="SVI_IP"/>
                <parameter name="SVI_SUBNET"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
        <!-- DELETE: remove the access port first, then the routing. -->
        <serviceOperation type="DELETE">
          <operations>
            <operation name="ITNCM/REMOVE_VLAN_ACCESS_PORT" type="COMMANDSET" order="1">
              <parameters>
                <parameter name="VLAN_NUMBER"/>
              </parameters>
            </operation>
            <operation name="ITNCM/REMOVE_VLAN_ROUTING" type="COMMANDSET" order="2">
              <parameters>
                <parameter name="VLAN_NUMBER"/>
                <parameter name="SVI_SUBNET"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
      </serviceOperations>
    </implementation>
  </implementations>
</serviceTemplate>
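The following example shows the corresponding VLAN native command sets for the NSM service template that manages VLAN routing on a Cisco router. Client parameter values replace the $NAME$ placeholders in the command text, and nothing in the example restricts what a value may contain, so check each value (for example, that VLAN_NUMBER is a numeric VLAN ID and that the IP parameters are well-formed addresses) before the service runs.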
FileType=NativeCommandSet
Name=ADD_VLAN_ACCESS_PORT
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=exit
vlan database
vlan $VLAN_NUMBER$
exit
config term
! Access port FastEthernet0/13, trunks f0/0 and f0/1 and the 255.255.255.0 mask are
! fixed in this example; only VLAN_NUMBER and ACCESS_VLAN_IP are substituted.
interface FastEthernet0/13
description New Host
no shutdown
switchport access vlan $VLAN_NUMBER$
no ip address
spanning-tree portfast
!
interface Vlan$VLAN_NUMBER$
ip address $ACCESS_VLAN_IP$ 255.255.255.0
!
! Allow the new VLAN on both trunk ports.
int f0/0
switchport trunk allowed vlan add $VLAN_NUMBER$
int f0/1
switchport trunk allowed vlan add $VLAN_NUMBER$
!
FileType=NativeCommandSet
Name=ADD_VLAN_ROUTING
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=exit
vlan database
vlan $VLAN_NUMBER$
exit
config term
! VRF blue, OSPF process 2, area 0, trunk FastEthernet0/2 and the 24-bit masks are
! fixed in this example; VLAN_NUMBER, SVI_IP and SVI_SUBNET are substituted.
interface Vlan$VLAN_NUMBER$
description SVI
ip vrf forwarding blue
ip address $SVI_IP$ 255.255.255.0
exit
!
interface FastEthernet0/2
switchport trunk allowed vlan add $VLAN_NUMBER$
exit
!
! Advertise the SVI subnet; REMOVE_VLAN_ROUTING has to withdraw the same statement.
router ospf 2 vrf blue
network $SVI_SUBNET$ 0.0.0.255 area 0
exit
!
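FileType=NativeCommandSet
Name=REMOVE_VLAN_ROUTING
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=no interface Vlan$VLAN_NUMBER$
interface FastEthernet0/2
switchport trunk allowed vlan remove $VLAN_NUMBER$
router ospf 2 vrf blue
! Withdraw the network statement that ADD_VLAN_ROUTING created from SVI_SUBNET.
! The service template passes SVI_SUBNET to this command set; a fixed subnet here
! would leave the real route advertised or remove an unrelated one.
no network $SVI_SUBNET$ 0.0.0.255 area 0
end
!
vlan database
no vlan $VLAN_NUMBER$
exit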
FileType=NativeCommandSet
Name=REMOVE_VLAN_ACCESS_PORT
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=false
StopOnError=true
String=default interface FastEthernet0/13
! NOTE(review): LineByLine is false here but true in the other three VLAN command
! sets; confirm this is intended.
! FastEthernet0/13 and trunks f0/0 and f0/1 are fixed in this example; only
! VLAN_NUMBER is substituted.
!
int f0/0
switchport trunk allowed vlan remove $VLAN_NUMBER$
int f0/1
switchport trunk allowed vlan remove $VLAN_NUMBER$
!
no interface Vlan$VLAN_NUMBER$
!
end
!
vlan database
no vlan $VLAN_NUMBER$
exit
Example NSM service template for a Firewall service
The following example NSM service template manages Firewall Zones and Interfaces on a Juniper router.
<!-- NSM service template for firewall zones and interfaces on a Juniper SRX.
     CREATE runs FirewallCreateZones, FirewallInitializeZones and FirewallCreateInterfaces
     (order 1 to 3); DELETE runs FirewallDeleteInterfaces, FirewallDeleteZonesPolicies and
     FirewallDeleteZones (order 1 to 3). -->
<serviceTemplate name="NSM_Firewall_Zones_and_Interfaces" description="NSM Service Template to manage
Firewall Zones and Interfaces on a Juniper SRX">
  <!-- Client-supplied values. Each one has only a name and a description, with no type
       or range, and they end up in routing, zone and NAT configuration, so validate
       them before they are handed to the command sets. -->
  <clientParameters>
    <clientParameter>
      <name>TARGETROUTETABLE</name>
      <description>The Target Router Table e.g. MEET_ME_VR.inet.0</description>
    </clientParameter>
    <clientParameter>
      <name>VIRTUALROUTERNAME</name>
      <description>The Virtual Router Name e.g. vr_8262</description>
    </clientParameter>
    <clientParameter>
      <name>NAME</name>
      <description>The Customer Zone Name e.g. cz_8262</description>
    </clientParameter>
    <clientParameter>
      <name>PARENTINTERFACENAME</name>
      <description>The Parent Interface Name e.g. 0/0/1</description>
    </clientParameter>
    <clientParameter>
      <name>VLANID</name>
      <description>The VLAN ID e.g. 3999</description>
    </clientParameter>
    <clientParameter>
      <name>PROJECTSUBNET</name>
      <description>The Project SUBNET e.g. 10.100.200.1/24</description>
    </clientParameter>
    <clientParameter>
      <name>SECURITYZONENAME</name>
      <description>The Security Zone Name e.g. cz_8262</description>
    </clientParameter>
    <clientParameter>
      <name>UNTRUSTEDZONENAME</name>
      <description>The Untrusted Zone Name e.g. untrust</description>
    </clientParameter>
    <clientParameter>
      <name>DESCRIPTION</name>
      <description>The description of the Interface e.g. test description</description>
    </clientParameter>
    <clientParameter>
      <name>POOLNAME</name>
      <description>The POOL NAME e.g. pool-P999-cz_8262-dest-NAT-pool</description>
    </clientParameter>
    <clientParameter>
      <name>SRCRULESETNAME</name>
      <description>The Source Rule Set Name e.g. cz_8262-untrust-src-NAT</description>
    </clientParameter>
    <clientParameter>
      <name>SRCRULENAME</name>
      <description>The Source Rule Name e.g. P999-cz_8262-src-NAT-rule</description>
    </clientParameter>
    <clientParameter>
      <name>DESTRULESETNAME</name>
      <description>The destination Rule Set Name e.g. untrust-dest-NAT</description>
    </clientParameter>
    <clientParameter>
      <name>DESTRULENAME</name>
      <description>The destination Rule Name e.g. P999-cz_8262-dest-NAT-rule</description>
    </clientParameter>
    <clientParameter>
      <name>CHILDINTERFACENAME</name>
      <description>The Child Interface Name e.g. ge-0/0/1.3999</description>
    </clientParameter>
    <clientParameter>
      <name>ANYADDRESS</name>
      <description>The Any Address e.g. 0.0.0.0/0</description>
    </clientParameter>
  </clientParameters>
  <!-- List parameter carrying a source and a target zone name per entry; passed as a
       whole to FirewallInitializeZones and FirewallDeleteZonesPolicies below. -->
  <clientParameterLists>
    <clientParameterList name="SOURCETARGETZONE_CPL" description="A Client ParameterList to collect Source and Target Zones">
      <parameter name="SOURCEZONENAME" description="The Source Zone Name"/>
      <parameter name="TARGETZONENAME" description="The Target Zone Name"/>
    </clientParameterList>
  </clientParameterLists>
  <!-- Fixed suffixes used by the injected parameters. -->
  <constantParameters>
    <constantParameter>
      <name>SOURCEROUTETABLE_CONST</name>
      <description>Always add .inet.0 to the end of the Source Route Table Value</description>
      <value>.inet.0</value>
    </constantParameter>
    <constantParameter>
      <name>RIBGROUPNAME_CONST</name>
      <description>Always add -inetrib to the end of the RIB Group Name Value</description>
      <value>-inetrib</value>
    </constantParameter>
  </constantParameters>
  <!-- Derived parameters: each is the concat of VIRTUALROUTERNAME and one constant. -->
  <injectParameters>
    <injectParameter>
      <name>SOURCEROUTETABLE</name>
      <description>The Source Route Table is VIRTUALROUTERNAME with .inet.0 added to it e.g. vr_8262.inet.0</description>
      <methodCall>concat</methodCall>
      <arguments>VIRTUALROUTERNAME,SOURCEROUTETABLE_CONST</arguments>
      <code></code>
    </injectParameter>
    <injectParameter>
      <name>RIBGROUPNAME</name>
      <description>The RIB Group Name is VIRTUALROUTERNAME with -inetrib added to it e.g. vr_8262-inetrib</description>
      <methodCall>concat</methodCall>
      <arguments>VIRTUALROUTERNAME,RIBGROUPNAME_CONST</arguments>
      <code></code>
    </injectParameter>
  </injectParameters>
  <implementations>
    <implementation>
      <!-- Device match: vendor Juniper, type Router, model srx.*, OS 10.* -->
      <rules>
        <rule type="DeviceType">
          <ruleProperty name="Vendor" value="Juniper"/>
          <ruleProperty name="Type" value="Router"/>
          <ruleProperty name="Model" value="srx.*"/>
          <ruleProperty name="OS" value="10.*"/>
        </rule>
      </rules>
      <serviceOperations>
        <!-- CREATE: zones, then the per-zone-pair policies, then interfaces and NAT. -->
        <serviceOperation type="CREATE">
          <operations>
            <operation name="ITNCM/FirewallCreateZones" type="COMMANDSET" order="1">
              <parameters>
                <parameter name="TARGETROUTETABLE"/>
                <parameter name="SOURCEROUTETABLE"/>
                <parameter name="VIRTUALROUTERNAME"/>
                <parameter name="RIBGROUPNAME"/>
                <parameter name="NAME"/>
              </parameters>
            </operation>
            <operation name="ITNCM/FirewallInitializeZones" type="COMMANDSET" order="2">
              <parameters>
                <parameter name="SOURCETARGETZONE_CPL"/>
              </parameters>
            </operation>
            <operation name="ITNCM/FirewallCreateInterfaces" type="COMMANDSET" order="3">
              <parameters>
                <parameter name="PARENTINTERFACENAME"/>
                <parameter name="VLANID"/>
                <parameter name="PROJECTSUBNET"/>
                <parameter name="VIRTUALROUTERNAME"/>
                <parameter name="SECURITYZONENAME"/>
                <parameter name="UNTRUSTEDZONENAME"/>
                <parameter name="DESCRIPTION"/>
                <parameter name="POOLNAME"/>
                <parameter name="SRCRULESETNAME"/>
                <parameter name="SRCRULENAME"/>
                <parameter name="DESTRULESETNAME"/>
                <parameter name="DESTRULENAME"/>
                <parameter name="CHILDINTERFACENAME"/>
                <parameter name="ANYADDRESS"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
        <!-- DELETE: the reverse sequence, interfaces first and zones last. -->
        <serviceOperation type="DELETE">
          <operations>
            <operation name="ITNCM/FirewallDeleteInterfaces" type="COMMANDSET" order="1">
              <parameters>
                <parameter name="PARENTINTERFACENAME"/>
                <parameter name="VLANID"/>
                <parameter name="VIRTUALROUTERNAME"/>
                <parameter name="SECURITYZONENAME"/>
                <parameter name="SRCRULESETNAME"/>
                <parameter name="SRCRULENAME"/>
                <parameter name="DESTRULESETNAME"/>
                <parameter name="DESTRULENAME"/>
                <parameter name="POOLNAME"/>
                <parameter name="CHILDINTERFACENAME"/>
              </parameters>
            </operation>
            <operation name="ITNCM/FirewallDeleteZonesPolicies" type="COMMANDSET" order="2">
              <parameters>
                <parameter name="SOURCETARGETZONE_CPL"/>
              </parameters>
            </operation>
            <operation name="ITNCM/FirewallDeleteZones" type="COMMANDSET" order="3">
              <parameters>
                <parameter name="SRCRULESETNAME"/>
                <parameter name="RIBGROUPNAME"/>
                <parameter name="VIRTUALROUTERNAME"/>
                <parameter name="NAME"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
      </serviceOperations>
    </implementation>
  </implementations>
</serviceTemplate>
Example NSM service template to manage Firewall Security Policies on a Juniper Router
The following example NSM service template manages Firewall Security Policies on a Juniper router.
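<!-- NSM service template for firewall security policies on a Juniper SRX.
     CREATE runs FirewallCreateSecurityPoliciesSpecifiedSourceAndTargetAddress and DELETE
     runs FirewallDeleteSecurityPolicies; each receives the whole POLICIES_CPL list. -->
<serviceTemplate name="NSM_Firewall_Security_Policies" description="NSM Service Template to manage Security Policies on a Juniper SRX">
  <!-- One list entry describes one policy. The fields have only a name and a
       description, with no type or range, so validate zone names, ports, protocols and
       subnets before they are handed to the command sets. -->
  <clientParameterLists>
    <clientParameterList name="POLICIES_CPL" description="A Client List Parameter to collect Firewall Policies">
      <parameter name="SOURCEZONENAME" description="The Source Zone Name"/>
      <parameter name="TARGETZONENAME" description="The Target Zone Name"/>
      <parameter name="APPLICATIONNAME" description="The Application Name to apply the Policy to"/>
      <parameter name="PORT" description="The Port Number of the Application"/>
      <parameter name="PROTOCOL" description="The Protocol used to communicate with the application"/>
      <parameter name="SRCADDRESSLABEL" description="The Source Address Label"/>
      <parameter name="SOURCESUBNET" description="The Source Sub Network"/>
      <parameter name="DESTADDRESSLABEL" description="The Destination Address Label"/>
      <parameter name="TARGETSUBNET" description="The Target Sub Network"/>
      <parameter name="POLICYNAME" description="The name to give to this Policy"/>
    </clientParameterList>
  </clientParameterLists>
  <implementations>
    <implementation>
      <!-- Device match: vendor Juniper, type Router, model srx.*, OS 10.* -->
      <rules>
        <rule type="DeviceType">
          <ruleProperty name="Vendor" value="Juniper"/>
          <ruleProperty name="Type" value="Router"/>
          <ruleProperty name="Model" value="srx.*"/>
          <ruleProperty name="OS" value="10.*"/>
        </rule>
      </rules>
      <!-- Each service operation has a single command set, given without an order attribute. -->
      <serviceOperations>
        <serviceOperation type="CREATE">
          <operations>
            <operation name="ITNCM/FirewallCreateSecurityPoliciesSpecifiedSourceAndTargetAddress" type="COMMANDSET">
              <parameters>
                <parameter name="POLICIES_CPL"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
        <serviceOperation type="DELETE">
          <operations>
            <operation name="ITNCM/FirewallDeleteSecurityPolicies" type="COMMANDSET">
              <parameters>
                <parameter name="POLICIES_CPL"/>
              </parameters>
            </operation>
          </operations>
        </serviceOperation>
      </serviceOperations>
    </implementation>
  </implementations>
</serviceTemplate>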
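The following example shows the corresponding Smart Model command sets for the NSM service template that manages Firewall Security Policies on a Juniper router; the command sets referenced by the Firewall Zones and Interfaces template are listed after them. Some values in these examples are broad and should be narrowed before reuse: FirewallCreateZones allows all system services as host-inbound traffic on the new security zone, and the three Any* policy command sets permit traffic with any as the source address, the destination address, or both.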
Note: The Smart Model command set example contains extra line-feeds. If you need to import the example Smart Model command set into Netcool Configuration Manager, copy and paste the example into a new file to be imported. Edit the file so that no line-feeds are included in any of the XML sections. The command set import should then function correctly.
FileType=CommandSet
Name=FirewallDeleteSecurityPolicies
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications deltaxml:delta="WFmodify">
<application deltaxml:delta="delete">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
</application> </applications>
<security deltaxml:delta="WFmodify">
<policies deltaxml:delta="WFmodify">
<policy deltaxml:delta="WFmodify">
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME" cmdSetMarkup:match="true" deltaxml:delta="unchanged"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME" cmdSetMarkup:match="true" deltaxml:delta="unchanged"/>
<policy deltaxml:delta="delete">
<name cmdSetMarkup:param="POLICYNAME"/>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book deltaxml:delta="WFmodify">
<address deltaxml:delta="delete">
<name cmdSetMarkup:param="DESTADDRESSLABEL"/>
</address>
</address-book>
</security-zone>
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book deltaxml:delta="WFmodify">
<address deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCADDRESSLABEL"/>
</address>
</address-book>
</security-zone>
</zones>
</security></configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesSpecifiedSourceAndTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify"
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match>
<application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address cmdSetMarkup:param="DESTADDRESSLABEL"/>
<source-address cmdSetMarkup:param="SRCADDRESSLABEL"/>
</match>
<then>
<permit/><log><session-close/></log>
</then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add">
<name cmdSetMarkup:param="SRCADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="SOURCESUBNET"/>
</address>
</address-book>
</security-zone>
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add">
<name cmdSetMarkup:param="DESTADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="TARGETSUBNET"/>
</address>
</address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnyTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify"
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><applications
cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add"><name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port><destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match><application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address>any</destination-address>
<source-address cmdSetMarkup:param="SRCADDRESSLABEL"/>
</match><then><permit/><log><session-close/></log></then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add"><name cmdSetMarkup:param="SRCADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="SOURCESUBNET"/>
</address></address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnySourceOrTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/><to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match><application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address>any</destination-address>
<source-address>any</source-address>
</match>
<then>
<permit/><log><session-close/></log>
</then>
</policy>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnySourceAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add"><name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify"><policies cmdSetMarkup:addIfMissing="true"
deltaxml:delta="WFmodify"><policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match>
<application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address cmdSetMarkup:param="DESTADDRESSLABEL"/>
<source-address>any</source-address>
</match>
<then>
<permit/>
<log><session-close/></log>
</then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify"><security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add"><name cmdSetMarkup:param="DESTADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="TARGETSUBNET"/>
</address>
</address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallInitializeZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify"
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><security cmdSetMarkup:addIfMissing="true"
deltaxml:delta="WFmodify"><policies cmdSetMarkup:addIfMissing="true"
deltaxml:delta="WFmodify">
<policy deltaxml:delta="add">
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy>
<name>deny-all</name>
<match>
<source-address>any</source-address>
<destination-address>any</destination-address>
<application>any</application>
</match>
<then>
<deny/><log><session-init/></log>
<count/>
</then>
</policy>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteZonesPolicies
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security deltaxml:delta="WFmodify">
<policies deltaxml:delta="WFmodify">
<policy deltaxml:delta="delete">
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<routing-instances deltaxml:delta="WFmodify">
<instance deltaxml:delta="delete">
<name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
</instance>
</routing-instances>
<routing-options deltaxml:delta="WFmodify">
<rib-groups deltaxml:delta="delete">
<name cmdSetMarkup:param="RIBGROUPNAME"/>
</rib-groups>
</routing-options><security deltaxml:delta="WFmodify">
<nat deltaxml:delta="WFmodify">
<source deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
</rule-set>
</source>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="delete">
<name cmdSetMarkup:param="NAME"/>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteInterfaces
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup"
xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<interfaces deltaxml:delta="WFmodify">
<interface_20ge- deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="PARENTINTERFACENAME" deltaxml:delta="unchanged"/>
<unit deltaxml:delta="delete">
<name cmdSetMarkup:param="VLANID"/>
</unit>
</interface_20ge->
</interfaces>
<routing-instances deltaxml:delta="WFmodify">
<instance deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="VIRTUALROUTERNAME" deltaxml:delta="unchanged"/>
<interface deltaxml:delta="delete">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interface>
</instance>
</routing-instances>
<security deltaxml:delta="WFmodify">
<nat deltaxml:delta="WFmodify">
<source deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
<rule><name cmdSetMarkup:param="SRCRULENAME"/></rule>
</rule-set>
</source>
<destination deltaxml:delta="WFmodify">
<pool deltaxml:delta="delete">
<name cmdSetMarkup:param="POOLNAME"/>
</pool>
<rule-set deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="DESTRULESETNAME" deltaxml:delta="unchanged"/>
<rule deltaxml:delta="delete"><name cmdSetMarkup:param="DESTRULENAME"/></rule>
</rule-set>
</destination>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SECURITYZONENAME" deltaxml:delta="unchanged"/>
<interfaces deltaxml:delta="delete">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interfaces>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1"
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<routing-instances cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<instance deltaxml:delta="add">
<name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
<routing-options>
<interface-routes>
<rib-group>
<inet cmdSetMarkup:param="RIBGROUPNAME"/>
</rib-group>
</interface-routes>
<static><route>
<name>0.0.0.0/0</name>
<next-table>inet.0</next-table>
</route>
</static>
</routing-options>
<instance-type>virtual-router</instance-type>
</instance>
</routing-instances>
<routing-options cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<rib-groups deltaxml:delta="add">
<name cmdSetMarkup:param="RIBGROUPNAME"/>
<apply-groups-except/>
<import-rib cmdSetMarkup:param="SOURCEROUTETABLE"/>
<import-rib cmdSetMarkup:param="TARGETROUTETABLE"/>
</rib-groups>
</routing-options>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<zones cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="add"><name cmdSetMarkup:param="NAME"/>
<screen>SAA</screen>
<host-inbound-traffic>
<system-services>
<name>all</name>
</system-services>
</host-inbound-traffic>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateInterfaces
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify"
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup"
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup"
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<interfaces deltaxml:delta="WFmodify">
<interface_20ge- deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="PARENTINTERFACENAME" deltaxml:delta="unchanged"/>
<unit deltaxml:delta="add"><name cmdSetMarkup:param="VLANID"/>
<description cmdSetMarkup:param="DESCRIPTION"/>
<vlan-id cmdSetMarkup:param="VLANID"/>
<family>
<inet>
<address>
<name cmdSetMarkup:param="PROJECTSUBNET"/>
</address>
</inet>
</family>
</unit>
</interface_20ge->
</interfaces>
<routing-instances deltaxml:delta="WFmodify"><instance deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="VIRTUALROUTERNAME" deltaxml:delta="unchanged"/>
<interface deltaxml:delta="add">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interface>
<instance-type deltaxml:delta="unchanged">virtual-router</instance-type>
</instance>
</routing-instances>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<nat cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<source cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="add">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
<from><zone cmdSetMarkup:param="SECURITYZONENAME"/></from>
<to><zone cmdSetMarkup:param="UNTRUSTEDZONENAME"/></to>
<rule><name cmdSetMarkup:param="SRCRULENAME"/>
<src-nat-rule-match>
<destination-address cmdSetMarkup:param="ANYADDRESS"/>
<source-address cmdSetMarkup:param="PROJECTSUBNET"/>
</src-nat-rule-match>
<then>
<source-nat><interface/></source-nat>
</then>
</rule>
</rule-set>
</source>
<destination cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<pool deltaxml:delta="add">
<name cmdSetMarkup:param="POOLNAME"/>
<routing-instance>
<ri-name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
</routing-instance>
<address>
<ipaddr cmdSetMarkup:param="PROJECTSUBNET"/>
</address>
</pool>
<rule-set deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="DESTRULESETNAME" deltaxml:delta="unchanged"/>
<rule deltaxml:delta="add">
<name cmdSetMarkup:param="DESTRULENAME"/>
<dest-nat-rule-match>
<source-address cmdSetMarkup:param="ANYADDRESS"/>
<destination-address><dst-addr cmdSetMarkup:param="PROJECTSUBNET"/></destination-address>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name cmdSetMarkup:param="POOLNAME"/></pool>
</destination-nat>
</then>
</rule>
</rule-set>
</destination>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SECURITYZONENAME" deltaxml:delta="unchanged"/>
<interfaces deltaxml:delta="add">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interfaces>
</security-zone>
</zones>
</security>
</configuration>