Example NSM service templates

NSM service designers can use the following example NSM service templates as models for creating their own NSM service templates.

Example NSM service template for a VLAN service

The following example NSM service template manages VLAN routing on a CISCO router.

<serviceTemplate name="VLAN Routing" description="Create VLAN and add Vlan Routing for a Cisco Router">

	<!-- Values supplied by the caller for each request. Each name corresponds to a
	     placeholder of the same name in the native command sets referenced below. -->
	<!-- NOTE(review): this template declares no type, range or pattern for these values,
	     and the command sets place them directly into device CLI text. Presumably the
	     caller or the product validates them (VLAN ID range, dotted-quad syntax, no
	     embedded line breaks) before they reach a device; confirm. -->
	<clientParameters>
		<clientParameter>
			<name>VLAN_NUMBER</name>
			<description>The VLAN number to create</description>
		</clientParameter>
		<clientParameter>
			<name>ACCESS_VLAN_IP</name>
			<description>The Access IP address for the new VLAN</description>
		</clientParameter>
		<clientParameter>
			<name>SVI_IP</name>
			<description>The Switch Virtual Interface IP</description>
		</clientParameter>
		<clientParameter>
			<name>SVI_SUBNET</name>
			<description>The Switch Virtual Interface IP's sub Network</description>
		</clientParameter>
	</clientParameters>



	<implementations>
	<implementation description="Implementation Rule which covers all Cisco Routers">

		<!-- Device match: Vendor and Type are fixed, Model and OS use the pattern .* so
		     any model and OS version is accepted. A match this broad means the hard-coded
		     interface names in the command sets must exist on every matched device. -->
		<rules>
			<rule type="DeviceType">
				<ruleProperty name="Vendor" value="Cisco"/> 
				<ruleProperty name="Type" value="Router"/>
				<ruleProperty name="Model" value=".*"/>
				<ruleProperty name="OS" value=".*"/>
			</rule>
		</rules>

	<serviceOperations>
		<!-- CREATE: two command sets, run in the sequence given by the order attribute.
		     The parameters element lists which client parameters each one receives. -->
		<serviceOperation type="CREATE">	
			<operations>
				<operation name="ITNCM/ADD_VLAN_ACCESS_PORT" type="COMMANDSET" order="1">
					<parameters>
						<parameter name="VLAN_NUMBER"/>
						<parameter name="ACCESS_VLAN_IP"/>
					</parameters>
				</operation>
				<operation name="ITNCM/ADD_VLAN_ROUTING" type="COMMANDSET" order="2">
					<parameters>
						<parameter name="VLAN_NUMBER"/>
						<parameter name="SVI_IP"/>
						<parameter name="SVI_SUBNET"/>
					</parameters>
				</operation>
			</operations>
		</serviceOperation>
		<!-- DELETE: the two removal command sets; only the parameters needed to identify
		     what is being removed are passed. -->
		<serviceOperation type="DELETE">	
			<operations>
				<operation name="ITNCM/REMOVE_VLAN_ACCESS_PORT" type="COMMANDSET" order="1">
					<parameters>
						<parameter name="VLAN_NUMBER"/>
					</parameters>
				</operation>
				<operation name="ITNCM/REMOVE_VLAN_ROUTING" type="COMMANDSET" order="2">
					<parameters>
						<parameter name="VLAN_NUMBER"/>
						<parameter name="SVI_SUBNET"/>
					</parameters>
				</operation>
			</operations>
		</serviceOperation>

	</serviceOperations>

	</implementation>
	</implementations>

</serviceTemplate>

The following example shows the corresponding VLAN native command set for the NSM service template that manages VLAN routing on a CISCO router.

FileType=NativeCommandSet
Name=ADD_VLAN_ACCESS_PORT
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=exit

vlan database
vlan $VLAN_NUMBER$
exit
config term
! The access port is fixed to FastEthernet0/13 in this example; only the VLAN is a parameter.
interface FastEthernet0/13
 description New Host
 no shutdown
 switchport access vlan $VLAN_NUMBER$
 no ip address
 spanning-tree portfast
! NOTE(review): portfast is enabled above with no BPDU guard; confirm that matches site policy.
! VLAN interface for the new VLAN; the mask is fixed at 255.255.255.0.
interface Vlan$VLAN_NUMBER$
 ip address $ACCESS_VLAN_IP$ 255.255.255.0
! Permit the new VLAN on both trunk ports (f0/0 and f0/1).
int f0/0
 switchport trunk allowed vlan add $VLAN_NUMBER$
int f0/1
 switchport trunk allowed vlan add $VLAN_NUMBER$
!
FileType=NativeCommandSet
Name=ADD_VLAN_ROUTING
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=exit

vlan database
vlan $VLAN_NUMBER$
exit

config term
! VLAN interface placed in vrf blue; the mask is fixed at 255.255.255.0.
! The vrf line comes before the address line in this example.

interface Vlan$VLAN_NUMBER$
 description SVI
ip vrf forwarding blue
 ip address $SVI_IP$ 255.255.255.0
 exit
! Permit the VLAN on the FastEthernet0/2 trunk.
interface FastEthernet0/2
 switchport trunk allowed vlan add $VLAN_NUMBER$
 exit
! Advertise the SVI subnet in area 0 of OSPF process 2 in vrf blue; the wildcard is fixed at 0.0.0.255.
router ospf 2 vrf blue
 network $SVI_SUBNET$ 0.0.0.255 area 0
 exit
!
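FileType=NativeCommandSet
Name=REMOVE_VLAN_ROUTING
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=true
StopOnError=true
String=no interface Vlan$VLAN_NUMBER$
! Reverses ADD_VLAN_ROUTING: drops the VLAN interface (line above), prunes the VLAN from
! the FastEthernet0/2 trunk, withdraws the OSPF network statement, then deletes the VLAN.

interface FastEthernet0/2
 switchport trunk allowed vlan remove $VLAN_NUMBER$

! Withdraw the subnet passed in as SVI_SUBNET, the same value ADD_VLAN_ROUTING advertised,
! rather than a fixed network, so no stale network statement is left behind in vrf blue.
router ospf 2 vrf blue
 no network $SVI_SUBNET$ 0.0.0.255 area 0
end

!
vlan database
no vlan $VLAN_NUMBER$ 
exit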
FileType=NativeCommandSet
Name=REMOVE_VLAN_ACCESS_PORT
Vendor=Cisco
Type=Router
Model=*
Os=*
CommandType=Configuration Change
LineByLine=false
StopOnError=true
String=default interface FastEthernet0/13
! The line above resets FastEthernet0/13 to its defaults; next, prune the VLAN from both trunks.
int f0/0
 switchport trunk allowed vlan remove $VLAN_NUMBER$
int f0/1
 switchport trunk allowed vlan remove $VLAN_NUMBER$
! Remove the VLAN interface.
no interface Vlan$VLAN_NUMBER$
!
end
! Delete the VLAN itself from the VLAN database.
vlan database
no vlan $VLAN_NUMBER$ 
exit

Example NSM service template for a Firewall service

The following example NSM service template manages Firewall Zones and Interfaces on a Juniper router.

<serviceTemplate name="NSM_Firewall_Zones_and_Interfaces" description="NSM Service Template to manage 
                       Firewall Zones and Interfaces on a Juniper SRX">
	<!-- Single values supplied by the caller for each request. The command sets reference
	     them by name through cmdSetMarkup:param attributes. -->
	<!-- NOTE(review): no type, range or pattern is declared here, and these values end up
	     in firewall zone, NAT and routing configuration. Presumably they are validated
	     before submission; confirm. ANYADDRESS in particular is caller-supplied (the
	     example value is 0.0.0.0/0) and is used as a NAT rule match address in the
	     FirewallCreateInterfaces command set. -->
	<clientParameters>
		<clientParameter>
			<name>TARGETROUTETABLE</name>
			<description>The Target Router Table e.g. MEET_ME_VR.inet.0</description>
    		</clientParameter>
    		<clientParameter>
			<name>VIRTUALROUTERNAME</name>
			<description>The Virtual Router Name e.g. vr_8262</description>
   	 	</clientParameter>
    		<clientParameter>
			<name>NAME</name>
			<description>The Customer Zone Name e.g. cz_8262</description>
		</clientParameter>
		<clientParameter>
			<name>PARENTINTERFACENAME</name>
			<description>The Parent Interface Name e.g. 0/0/1</description>
    		</clientParameter>
    		<clientParameter>
			<name>VLANID</name>
			<description>The VLAN ID e.g. 3999</description>
    		</clientParameter>
    		<clientParameter>
			<name>PROJECTSUBNET</name>
			<description>The Project SUBNET e.g. 10.100.200.1/24</description>
    		</clientParameter>
    	<clientParameter>
			<name>SECURITYZONENAME</name>
			<description>The Security Zone Name e.g. cz_8262</description>
    		</clientParameter>
    		<clientParameter>
			<name>UNTRUSTEDZONENAME</name>
			<description>The Untrusted Zone Name e.g. untrust</description>
    		</clientParameter>
    		<clientParameter>
			<name>DESCRIPTION</name>
			<description>The description of the Interface e.g. test description</description>
    		</clientParameter>
    		<clientParameter>
			<name>POOLNAME</name>
			<description>The POOL NAME e.g. pool-P999-cz_8262-dest-NAT-pool</description>
   		 </clientParameter>
    		<clientParameter>
			<name>SRCRULESETNAME</name>
			<description>The Source Rule Set Name e.g. cz_8262-untrust-src-NAT</description>
    		</clientParameter>
    		<clientParameter>
			<name>SRCRULENAME</name>
			<description>The Source Rule Name e.g. P999-cz_8262-src-NAT-rule</description>
   		</clientParameter>
    		<clientParameter>
			<name>DESTRULESETNAME</name>
			<description>The destination Rule Set Name e.g. untrust-dest-NAT</description>
    		</clientParameter>
    		<clientParameter>
			<name>DESTRULENAME</name>
			<description>The destination Rule Name e.g. P999-cz_8262-dest-NAT-rule</description>
    		</clientParameter>
    		<clientParameter>
			<name>CHILDINTERFACENAME</name>
			<description>The Child Interface Name e.g. ge-0/0/1.3999</description>
    		</clientParameter>
    		<clientParameter>
			<name>ANYADDRESS</name>
			<description>The Any Address e.g. 0.0.0.0/0</description>
		</clientParameter>
	</clientParameters>

	<!-- A list parameter: each entry carries one source zone and one target zone.
	     It is passed to FirewallInitializeZones on CREATE and to
	     FirewallDeleteZonesPolicies on DELETE. -->
	<clientParameterLists>
    		<clientParameterList name="SOURCETARGETZONE_CPL" description="A Client ParameterList to collect Source and Target Zones">
			<parameter name="SOURCEZONENAME" description="The Source Zone Name"/>
			<parameter name="TARGETZONENAME" description="The Target Zone Name"/>
    		</clientParameterList>
	</clientParameterLists>	

	<!-- Fixed suffixes defined by the template itself; they are the second argument of
	     the concat calls in the injectParameters section. -->
	<constantParameters>
		<constantParameter>
			<name>SOURCEROUTETABLE_CONST</name>
			<description>Always add .inet.0 to the end of the Source Route Table Value</description>
			<value>.inet.0</value>
		</constantParameter>
		<constantParameter>
			<name>RIBGROUPNAME_CONST</name>
			<description>Always add -inetrib to the end of the RIB Group Name Value</description>
			<value>-inetrib</value>
		</constantParameter>
	</constantParameters>
	

	<!-- Derived parameters: each is built by concat from VIRTUALROUTERNAME and one of the
	     constants above, so the caller does not supply SOURCEROUTETABLE or RIBGROUPNAME.
	     The code element is left empty in both entries. -->
	<injectParameters>
    		<injectParameter>
      			<name>SOURCEROUTETABLE</name>
      			<description>The Source Route Table is VIRTUALROUTERNAME with .inet.0 added to it e.g. vr_8262.inet.0</description>
      			<methodCall>concat</methodCall>
      			<arguments>VIRTUALROUTERNAME,SOURCEROUTETABLE_CONST</arguments>
      			<code></code>
    		</injectParameter>
		<injectParameter>
      			<name>RIBGROUPNAME</name>
      			<description>The RIB Group Name is VIRTUALROUTERNAME with -inetrib added to it e.g. vr_8262-inetrib</description>
      			<methodCall>concat</methodCall>
      			<arguments>VIRTUALROUTERNAME,RIBGROUPNAME_CONST</arguments>
      			<code></code>
    		</injectParameter>
	</injectParameters>

	<implementations>
		<implementation>
			<!-- Device match: Juniper routers whose model matches srx.* and whose OS
			     matches 10.* -->
			<rules>
				<rule type="DeviceType">
					<ruleProperty name="Vendor" value="Juniper"/>
					<ruleProperty name="Type" value="Router"/>
					<ruleProperty name="Model" value="srx.*"/>
					<ruleProperty name="OS" value="10.*"/>
			</rule>
			</rules>
			<serviceOperations>
				<!-- CREATE sequence: zones and routing instance first, then the
				     deny-all policies between zone pairs, then interfaces and NAT. -->
				<serviceOperation type="CREATE">
					<operations>
						<!-- NOTE(review): the FirewallCreateZones command set shown on this
						     page creates the zone with host-inbound-traffic system-services
						     set to all. Narrow that to the services the zone really needs
						     before reusing the example. -->
						<operation name="ITNCM/FirewallCreateZones" type="COMMANDSET" order="1">
							<parameters><parameter name="TARGETROUTETABLE"/>
								<parameter name="SOURCEROUTETABLE"/>
								<parameter name="VIRTUALROUTERNAME"/>
								<parameter name="RIBGROUPNAME"/>
								<parameter name="NAME"/>
							</parameters>
						</operation>

					
						<!-- The FirewallInitializeZones command set shown on this page adds a
						     policy named deny-all (any source, any destination, any
						     application) for the from-zone and to-zone it is given. It runs
						     before the interfaces are attached in step 3. -->
						<operation name="ITNCM/FirewallInitializeZones" type="COMMANDSET" order="2">
							<parameters>
								<parameter name="SOURCETARGETZONE_CPL"/>		
							</parameters>
						</operation>

						<!-- Adds the VLAN unit, routing-instance interface, source and
						     destination NAT rules, and the zone interface binding. -->
						<operation name="ITNCM/FirewallCreateInterfaces" type="COMMANDSET" order="3">
							<parameters>
								<parameter name="PARENTINTERFACENAME"/>
								<parameter name="VLANID"/>
								<parameter name="PROJECTSUBNET"/>
								<parameter name="VIRTUALROUTERNAME"/>
								<parameter name="SECURITYZONENAME"/>
								<parameter name="UNTRUSTEDZONENAME"/>
								<parameter name="DESCRIPTION"/>
								<parameter name="POOLNAME"/>
								<parameter name="SRCRULESETNAME"/>
								<parameter name="SRCRULENAME"/>
								<parameter name="DESTRULESETNAME"/>
								<parameter name="DESTRULENAME"/>
								<parameter name="CHILDINTERFACENAME"/>
								<parameter name="ANYADDRESS"/>
							</parameters>
						</operation>

					</operations>
				</serviceOperation>

				<!-- DELETE sequence: interfaces and NAT first, then the policies between
				     zone pairs, then the zone, routing instance and RIB group. -->
				<serviceOperation type="DELETE">
					<operations>
						<operation name="ITNCM/FirewallDeleteInterfaces" type="COMMANDSET" order="1">
							<parameters>
								<parameter name="PARENTINTERFACENAME"/>
								<parameter name="VLANID"/>
								<parameter name="VIRTUALROUTERNAME"/>
								<parameter name="SECURITYZONENAME"/>
								<parameter name="SRCRULESETNAME"/>
								<parameter name="SRCRULENAME"/>
								<parameter name="DESTRULESETNAME"/>
								<parameter name="DESTRULENAME"/>
								<parameter name="POOLNAME"/>
								<parameter name="CHILDINTERFACENAME"/>
							</parameters>
						</operation>
					
						<operation name="ITNCM/FirewallDeleteZonesPolicies" type="COMMANDSET" order="2">
							<parameters>
								<parameter name="SOURCETARGETZONE_CPL"/>
							</parameters>
						</operation>
						
						<operation name="ITNCM/FirewallDeleteZones" type="COMMANDSET" order="3">
							<parameters>
								<parameter name="SRCRULESETNAME"/>
								<parameter name="RIBGROUPNAME"/>
								<parameter name="VIRTUALROUTERNAME"/>
								<parameter name="NAME"/>
							</parameters>
						</operation>

					</operations>
				</serviceOperation>
			</serviceOperations>
		</implementation>
	</implementations>
</serviceTemplate>

Example NSM service template to manage Firewall Security Policies on a Juniper Router

The following example NSM service template manages Firewall Security Policies on a Juniper router.

<serviceTemplate name="NSM_Firewall_Security_Policies" description="NSM Service Template to manage Security Policies on a Juniper SRX">
	
	<!-- A list parameter: each entry describes one policy (zones, application name, port,
	     protocol, address labels, subnets, policy name). The same list is passed to both
	     the CREATE and the DELETE operation. -->
	<!-- NOTE(review): no type, range or pattern is declared for these fields, and on
	     CREATE they become a permit policy on the firewall. Presumably PORT, PROTOCOL and
	     the subnets are validated before submission; confirm. -->
	<clientParameterLists>
    		<clientParameterList name="POLICIES_CPL" description="A Client List Parameter to collect Firewall Policies">
			<parameter name="SOURCEZONENAME" description="The Source Zone Name"/>
			<parameter name="TARGETZONENAME" description="The Target Zone Name"/>
			<parameter name="APPLICATIONNAME" description="The Application Name to apply the Policy to"/>
			<parameter name="PORT" description="The Port Number of the Application"/>
			<parameter name="PROTOCOL" description="The Protocol used to communicate with the application"/>
			<parameter name="SRCADDRESSLABEL" description="The Source Address Label"/>
			<parameter name="SOURCESUBNET" description="The Source Sub Network"/>
			<parameter name="DESTADDRESSLABEL" description="The Destination Addess Label"/>
			<parameter name="TARGETSUBNET" description="The Target Sub Network"/>
			<parameter name="POLICYNAME" description="The name to give to this Policy"/>
    		</clientParameterList>
	</clientParameterLists>
	
	<implementations>
		<implementation>
			<!-- Device match: Juniper routers whose model matches srx.* and whose OS
			     matches 10.* -->
			<rules>
				<rule type="DeviceType">
					<ruleProperty name="Vendor" value="Juniper"/>
					<ruleProperty name="Type" value="Router"/>
					<ruleProperty name="Model" value="srx.*"/>
					<ruleProperty name="OS" value="10.*"/></rule>
			</rules>
		<serviceOperations>
			<!-- CREATE uses the command set variant that names both a source and a
			     destination address. The variants on this page that match any source
			     or any destination address are not referenced by this template. -->
			<serviceOperation type="CREATE">
				<operations>
					<operation name="ITNCM/FirewallCreateSecurityPoliciesSpecifiedSourceAndTargetAddress" type="COMMANDSET">
						<parameters>
							<parameter name="POLICIES_CPL"/>
						</parameters>
					</operation>
				</operations>
			</serviceOperation>

			<!-- DELETE removes the application, the policy and both address-book entries
			     named in the list entry, per the FirewallDeleteSecurityPolicies command
			     set shown on this page. -->
			<serviceOperation type="DELETE">
				<operations>
					<operation name="ITNCM/FirewallDeleteSecurityPolicies" type="COMMANDSET">
						<parameters>
							<parameter name="POLICIES_CPL"/>
						</parameters>
					</operation>
				</operations>
			</serviceOperation>
		</serviceOperations>
		</implementation>
	</implementations>
</serviceTemplate>

The following example shows the corresponding Smart Model command set for the NSM service template that manages Firewall Security Policies on a Juniper router.

Note: The Smart Model command set example contains extra line-feeds. If you need to import the example Smart Model command set into Netcool Configuration Manager, copy and paste the example into a new file to be imported, and then edit the file so that no line-feeds are included in any of the XML sections. The imported command set should then function correctly.
FileType=CommandSet
Name=FirewallDeleteSecurityPolicies
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">	
<applications deltaxml:delta="WFmodify">
<application deltaxml:delta="delete">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
</application>	</applications>	
<security deltaxml:delta="WFmodify">		
<policies deltaxml:delta="WFmodify">	
<policy deltaxml:delta="WFmodify">	
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME" cmdSetMarkup:match="true" deltaxml:delta="unchanged"/>	
<to-zone-name cmdSetMarkup:param="TARGETZONENAME" cmdSetMarkup:match="true" deltaxml:delta="unchanged"/>
<policy deltaxml:delta="delete">	
<name cmdSetMarkup:param="POLICYNAME"/>
</policy>	
</policy>	
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book deltaxml:delta="WFmodify">
<address deltaxml:delta="delete">
<name cmdSetMarkup:param="DESTADDRESSLABEL"/>
</address>
</address-book>
</security-zone>	
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book deltaxml:delta="WFmodify">
<address deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCADDRESSLABEL"/>
</address>
</address-book>
</security-zone>
</zones>
</security></configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesSpecifiedSourceAndTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" 
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match>
<application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address cmdSetMarkup:param="DESTADDRESSLABEL"/>
<source-address cmdSetMarkup:param="SRCADDRESSLABEL"/>
</match>
<then>
<permit/><log><session-close/></log>
</then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add">
<name cmdSetMarkup:param="SRCADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="SOURCESUBNET"/>
</address>
</address-book>
</security-zone>
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add">
<name cmdSetMarkup:param="DESTADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="TARGETSUBNET"/>
</address>
</address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnyTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify" 
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><applications 
cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add"><name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port><destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match><application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address>any</destination-address>
<source-address cmdSetMarkup:param="SRCADDRESSLABEL"/>
</match><then><permit/><log><session-close/></log></then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SOURCEZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add"><name cmdSetMarkup:param="SRCADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="SOURCESUBNET"/>
</address></address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnySourceOrTargetAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add">
<name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policies cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/><to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match><application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address>any</destination-address>
<source-address>any</source-address>
</match>
<then>
<permit/><log><session-close/></log>
</then>
</policy>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateSecurityPoliciesAnySourceAddress
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<applications cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<application deltaxml:delta="add"><name cmdSetMarkup:param="APPLICATIONNAME"/>
<source-port>1-65535</source-port>
<destination-port cmdSetMarkup:param="PORT"/>
<protocol cmdSetMarkup:param="PROTOCOL"/>
</application>
</applications>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify"><policies cmdSetMarkup:addIfMissing="true" 
deltaxml:delta="WFmodify"><policy deltaxml:delta="add"><from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy><name cmdSetMarkup:param="POLICYNAME"/>
<match>
<application cmdSetMarkup:param="APPLICATIONNAME"/>
<destination-address cmdSetMarkup:param="DESTADDRESSLABEL"/>
<source-address>any</source-address>
</match>
<then>
<permit/>
<log><session-close/></log>
</then>
</policy>
</policy>
</policies>
<zones deltaxml:delta="WFmodify"><security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="TARGETZONENAME" deltaxml:delta="unchanged"/>
<address-book cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<address deltaxml:delta="add"><name cmdSetMarkup:param="DESTADDRESSLABEL"/>
<ip-prefix cmdSetMarkup:param="TARGETSUBNET"/>
</address>
</address-book>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallInitializeZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify" 
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><security cmdSetMarkup:addIfMissing="true" 
deltaxml:delta="WFmodify"><policies cmdSetMarkup:addIfMissing="true" 
deltaxml:delta="WFmodify">
<policy deltaxml:delta="add">
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
<policy>
<name>deny-all</name>
<match>
<source-address>any</source-address>
<destination-address>any</destination-address>
<application>any</application>
</match>
<then>
<deny/><log><session-init/></log>
<count/>
</then>
</policy>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteZonesPolicies
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<security deltaxml:delta="WFmodify">
<policies deltaxml:delta="WFmodify">
<policy deltaxml:delta="delete">
<from-zone-name cmdSetMarkup:param="SOURCEZONENAME"/>
<to-zone-name cmdSetMarkup:param="TARGETZONENAME"/>
</policy>
</policies>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<routing-instances deltaxml:delta="WFmodify">
<instance deltaxml:delta="delete">
<name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
</instance>
</routing-instances>
<routing-options deltaxml:delta="WFmodify">
<rib-groups deltaxml:delta="delete">
<name cmdSetMarkup:param="RIBGROUPNAME"/>
</rib-groups>
</routing-options><security deltaxml:delta="WFmodify">
<nat deltaxml:delta="WFmodify">
<source deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
</rule-set>
</source>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="delete">
<name cmdSetMarkup:param="NAME"/>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallDeleteInterfaces
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" xmlns:idm="http://www.intelliden.com/ns/idMarkup" 
xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<interfaces deltaxml:delta="WFmodify">
<interface_20ge- deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="PARENTINTERFACENAME" deltaxml:delta="unchanged"/>
<unit deltaxml:delta="delete">
<name cmdSetMarkup:param="VLANID"/>
</unit>
</interface_20ge->
</interfaces>
<routing-instances deltaxml:delta="WFmodify">
<instance deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="VIRTUALROUTERNAME" deltaxml:delta="unchanged"/>
<interface deltaxml:delta="delete">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interface>
</instance>
</routing-instances>
<security deltaxml:delta="WFmodify">
<nat deltaxml:delta="WFmodify">
<source deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="delete">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
<rule><name cmdSetMarkup:param="SRCRULENAME"/></rule>
</rule-set>
</source>
<destination deltaxml:delta="WFmodify">
<pool deltaxml:delta="delete">
<name cmdSetMarkup:param="POOLNAME"/>
</pool>
<rule-set deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="DESTRULESETNAME" deltaxml:delta="unchanged"/>
<rule deltaxml:delta="delete"><name cmdSetMarkup:param="DESTRULENAME"/></rule>
</rule-set>
</destination>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SECURITYZONENAME" deltaxml:delta="unchanged"/>
<interfaces deltaxml:delta="delete">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interfaces>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateZones
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" 
deltaxml:delta="WFmodify" xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<routing-instances cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<instance deltaxml:delta="add">
<name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
<routing-options>
<interface-routes>
<rib-group>
<inet cmdSetMarkup:param="RIBGROUPNAME"/>
</rib-group>
</interface-routes>
<static><route>
<name>0.0.0.0/0</name>
<next-table>inet.0</next-table>
</route>
</static>
</routing-options>
<instance-type>virtual-router</instance-type>
</instance>
</routing-instances>
<routing-options cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<rib-groups deltaxml:delta="add">
<name cmdSetMarkup:param="RIBGROUPNAME"/>
<apply-groups-except/>
<import-rib cmdSetMarkup:param="SOURCEROUTETABLE"/>
<import-rib cmdSetMarkup:param="TARGETROUTETABLE"/>
</rib-groups>
</routing-options>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<zones cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="add"><name cmdSetMarkup:param="NAME"/>
<screen>SAA</screen>
<host-inbound-traffic>
<system-services>
<name>all</name>
</system-services>
</host-inbound-traffic>
</security-zone>
</zones>
</security>
</configuration>
FileType=CommandSet
Name=FirewallCreateInterfaces
Vendor=Juniper
Type=Router
Model=srx*
Os=10.*
Detail=<configuration xmlns:deltaxml="http://www.deltaxml.com/ns/well-formed-delta-v1" deltaxml:delta="WFmodify"
xmlns:cmdSetMarkup="http://www.intelliden.com/ns/cmdSetMarkup" 
xmlns:deviceMarkup="http://www.intelliden.com/deviceMarkup" 
xmlns:idm="http://www.intelliden.com/ns/idMarkup" xmlns:securityMarkup="http://intelliden.com/securityMarkup" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<interfaces deltaxml:delta="WFmodify">
<interface_20ge- deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="PARENTINTERFACENAME" deltaxml:delta="unchanged"/>
<unit deltaxml:delta="add"><name cmdSetMarkup:param="VLANID"/>
<description cmdSetMarkup:param="DESCRIPTION"/>
<vlan-id cmdSetMarkup:param="VLANID"/>
<family>
<inet>
<address>
<name cmdSetMarkup:param="PROJECTSUBNET"/>
</address>
</inet>
</family>
</unit>
</interface_20ge->
</interfaces>
<routing-instances deltaxml:delta="WFmodify"><instance deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="VIRTUALROUTERNAME" deltaxml:delta="unchanged"/>
<interface deltaxml:delta="add">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interface>
<instance-type deltaxml:delta="unchanged">virtual-router</instance-type>
</instance>
</routing-instances>
<security cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<nat cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<source cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<rule-set deltaxml:delta="add">
<name cmdSetMarkup:param="SRCRULESETNAME"/>
<from><zone cmdSetMarkup:param="SECURITYZONENAME"/></from>
<to><zone cmdSetMarkup:param="UNTRUSTEDZONENAME"/></to>
<rule><name cmdSetMarkup:param="SRCRULENAME"/>
<src-nat-rule-match>
<destination-address cmdSetMarkup:param="ANYADDRESS"/>
<source-address cmdSetMarkup:param="PROJECTSUBNET"/>
</src-nat-rule-match>
<then>
<source-nat><interface/></source-nat>
</then>
</rule>
</rule-set>
</source>
<destination cmdSetMarkup:addIfMissing="true" deltaxml:delta="WFmodify">
<pool deltaxml:delta="add">
<name cmdSetMarkup:param="POOLNAME"/>
<routing-instance>
<ri-name cmdSetMarkup:param="VIRTUALROUTERNAME"/>
</routing-instance>
<address>
<ipaddr cmdSetMarkup:param="PROJECTSUBNET"/>
</address>
</pool>
<rule-set deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="DESTRULESETNAME" deltaxml:delta="unchanged"/>
<rule deltaxml:delta="add">
<name cmdSetMarkup:param="DESTRULENAME"/>
<dest-nat-rule-match>
<source-address cmdSetMarkup:param="ANYADDRESS"/>
<destination-address><dst-addr cmdSetMarkup:param="PROJECTSUBNET"/></destination-address>
</dest-nat-rule-match>
<then>
<destination-nat>
<pool>
<pool-name cmdSetMarkup:param="POOLNAME"/></pool>
</destination-nat>
</then>
</rule>
</rule-set>
</destination>
</nat>
<zones deltaxml:delta="WFmodify">
<security-zone deltaxml:delta="WFmodify">
<name cmdSetMarkup:param="SECURITYZONENAME" deltaxml:delta="unchanged"/>
<interfaces deltaxml:delta="add">
<name cmdSetMarkup:param="CHILDINTERFACENAME"/>
</interfaces>
</security-zone>
</zones>
</security>
</configuration>