Hello,
I just started using an SRX device two days ago, so this might be a very newbie question.
I am basically trying to create a firewall policy using address-books. I just want to confirm that this is the right way to configure this.
1) It's always better to use the global address book. If I define a non-global address book, it will need to be attached to a zone, and that address book will be usable only inside that zone's policies.
2) Firewall policies are written as shown below. There is no option to have just one policy with different terms (term1, term2, ...) like in a routing policy.
user@FW-01> show configuration security address-book
global {
    address Test 1.1.1.1/32;
    address New 3.3.3.0/27;
    address-set Test-Set {
        address Test;
        address New;
    }
}

user@FW-01> show configuration security policies from-zone untrust to-zone trust
policy Test {
    match {
        source-address Test-Set;
        destination-address any;
        application junos-tftp;
    }
    then {
        permit;
    }
}
policy New_Policy {
    match {
        source-address any;
        destination-address any;
        application junos-ike;
    }
    then {
        permit;
    }
}

user@FW-01>