Navigation
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
[edit security policies] Hierarchy Level
security {policies {default-policy (deny-all | permit-all);from-zone zone-name to-zone zone-name {policy policy-name {description description;match {application {[application];any;}destination-address {[address];any;any-ipv4;any-ipv6;}source-address {[address];any;any-ipv4;any-ipv6;}source-identity {[role-name];any;authenticated-user;unauthenticated-user;unknown-user;}}scheduler-name scheduler-name;then {count { alarm {per-minute-threshold number; per-second-threshold number;}}deny;log {session-close;session-init;}permit {application-services {application-firewall {rule-set rule-set-name;}application-traffic-control {rule-set rule-set-name;}gprs-gtp-profile profile-name;gprs-sctp-profile profile-name;idp;redirect-wx | reverse-redirect-wx;ssl-proxy {profile-name profile-name;}uac-policy {captive-portal captive-portal;}utm-policy policy-name;}destination-address {drop-translated;drop-untranslated;}firewall-authentication {pass-through {access-profile profile-name;client-match user-or-group-name;web-redirect;}web-authentication {client-match user-or-group-name;}}services-offload;tcp-options {sequence-check-required;syn-check-required;}tunnel {ipsec-group-vpn group-vpn;ipsec-vpn vpn-name;pair-policy pair-policy;}}reject;}}}global {policy policy-name {description description;match {application {[application];any;}destination-address {[address];any;any-ipv4;any-ipv6;}source-address {[address];any;any-ipv4;any-ipv6;}source-identity {[role-name];any;authenticated-user;unauthenticated-user;unknown-user;}}scheduler-name scheduler-name;then { count { alarm {per-minute-threshold number; per-second-threshold number;}}deny;log {session-close;session-init;}permit {application-services {application-firewall {rule-set rule-set-name;}application-traffic-control {rule-set rule-set-name;}gprs-gtp-profile profile-name;gprs-sctp-profile profile-name;idp;redirect-wx | reverse-redirect-wx;ssl-proxy {profile-name profile-name;}uac-policy {captive-portal captive-portal;}utm-policy policy-name;}destination-address {drop-translated;drop-untranslated;}firewall-authentication {pass-through {access-profile profile-name;client-match user-or-group-name;web-redirect;}web-authentication {client-match user-or-group-name;}}services-offload;tcp-options {sequence-check-required;syn-check-required;}}reject;}}}policy-rematch;traceoptions {file {filename;files number;match regular-expression;size maximum-file-size;(world-readable | no-world-readable);}flag flag;no-remote-trace;}}}
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
Published: 2013-07-31
Related Documentation
- Junos OS Feature Support Reference for SRX Series and J Series Devices
