Navigation
Supported Platforms
to-zone (Security Policies)
Syntax
to-zone zone-name {policy policy-name {description description;match {application {[application];any;}destination-address {[address];any;any-ipv4;any-ipv6;}source-address {[address];any;any-ipv4;any-ipv6;}source-identity {[role-name];any;authenticated-user;unauthenticated-user;unknown-user;}}scheduler-name scheduler-name;then { count { alarm {per-minute-threshold number; per-second-threshold number;}}deny;log {session-close;session-init;}permit {application-services {application-firewall {rule-set rule-set-name;}application-traffic-control {rule-set rule-set-name;}gprs-gtp-profile profile-name;gprs-sctp-profile profile-name;idp;redirect-wx | reverse-redirect-wx;ssl-proxy {profile-name profile-name;}uac-policy {captive-portal captive-portal;}utm-policy policy-name;}destination-address {drop-translated;drop-untranslated;}firewall-authentication {pass-through {access-profile profile-name;client-match user-or-group-name;ssl-termination-profile profile-name;web-redirect;web-redirect-to-https;}web-authentication {client-match user-or-group-name;}}services-offload;tcp-options {sequence-check-required;syn-check-required;}tunnel {ipsec-group-vpn group-vpn;ipsec-vpn vpn-name;pair-policy pair-policy;}}reject;}}}
Hierarchy Level
[edit security policies from-zone zone-name]
Release Information
Statement introduced in Junos OS Release 8.5. Support for the services-offload and junos-host options added in Junos OS Release 11.4. Support for the source-identity option added in Junos OS Release 12.1. Support for the ssl-termination-profile and web-redirect-to-https options added in Junos OS Release 12.1X44-D10.
Description
Specify a destination zone to be associated with the security policy.
Options
- zone-name—Name of the destination zone object.
- junos-host—Default security zone for self-traffic of the device.
The remaining statements are explained separately.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
