You are attempting to configure source IP enforcement from the TRUST zone to the DATABASE
zone on an SRX Series device. You would like to create a policy allowing the administrators to
reach the database servers.
Which configuration would accomplish your objective?
A.
security {
policies {
from-zone TRUST to-zone DATABASE {
policy admins {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
application-services;
}
}
}
}
}
}
B.
security {
policies {
from-zone TRUST to-zone DATABASE {
policy admins {
then {
permit {
application-services {
uac-policy;
}
}
}
}
}
}
}
C.
security {
policies {
from-zone TRUST to-zone DATABASE {
policy admins {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
application-services {
uac-policy;
}
}
}
}
}
}
}
D.
security {
policies {
from-zone TRUST to-zone DATABASE {
policy admins {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
Explanation: