This tool, when run against a Juniper SRX firewall, will convert all of the zone-based address books to a single global one.
You MUST be running JUNOS 11.2 or above
The underlying communication is over Netconf/SSH. Please make sure your devices allow this by using one or both of the following commands:
set system services netconf ssh set security zones security-zone <xxx> interfaces <xxx> host-inbound-traffic system-services netconf
Head over to the releases page to download the latest version.
zone2global - Convert an SRX from a zone-based address book to a global one. Usage: zone2global [OPTIONS] -commit Choose to apply the configuration directly instead of creating a file. -p string Password -srx string SRX to run the conversion against. If specifying multiple, enclose in quotes, i.e. "srx240-1 srx1400-2" -u string Username
zone2global -srx somefirewall -u admin -p password -commit
If you omit the
-commit option, then the configuration will be written to a file for each SRX you specified. For example, running the above command without the
-commit option will create a file called
somefirewall_globaladdrbook.txt in the same location where the script was run.