我在srx300上配置 security connect,好像一定要在untrust端口上打开https,虽然可以配置端口和management-url,但还是想加上ip限制,但我配置了一个untrust-to-untrust的ACL,但好像不起效:
set security policies from-zone untrust to-zone untrust policy untrust-to-untrust match source-address untrust-***client
set security policies from-zone untrust to-zone untrust policy untrust-to-untrust match destination-address any
set security policies from-zone untrust to-zone untrust policy untrust-to-untrust match application any
set security policies from-zone untrust to-zone untrust policy untrust-to-untrust then permit
set security zones security-zone untrust address-book address untrust-***client 192.168.222.100/24
我用其他ip一样可以访问到untrust端口的jweb
请问untrust口上开的services需要怎么加ip限制?