    policies {
        default-policy {
            (deny-all | permit-all);
        }
        from-zone zone-name to-zone zone-name {
            policy policy-name {
                match {
                    application [ application-name-or-set ];
                    destination-address {
                        address-name;
                    }
                    source-address {
                        address-name;
                    }
                }
                scheduler-name scheduler-name;
                then {
                    count {
                        alarm {
                            per-minute-threshold number;
                            per-second-threshold number;
                        }
                    }
                    (deny | reject);
                    permit {
                        application-services (wx-redirect | wx-reverse-redirect);
                        destination-address {
                            drop-translated;
                            drop-untranslated;
                        }
                        destination-nat destination-name;
                        firewall-authentication {
                            pass-through {
                                access-profile profile-name;
                                client-match match-name;
                                web-redirect;
                            }
                            web-authentication {
                                client-match user-or-group;
                            }
                        }
                        source-nat (pool pool-name | pool-set pool-set-name | interface);
                        tunnel {
                            ipsec-vpn vpn-name;
                            pair-policy pair-policy;
                        }
                    }
                    log {
                        session-close;
                        session-init;
                    }
                }
            }
        }
        policy-rematch;
        traceoptions {
            file filename <files number> <size maximum-file-size> <world-readable | no-world-readable>;
            flag flag;
        }
    }

[edit security]
Statement introduced in Release 8.5 of JUNOS software.
Configure network security policies.
This statement is supported on J-series and SRX-series devices.
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
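
A configuration that instantiates this hierarchy, added here as an example and not taken from the JUNOS documentation: an explicit default deny, one narrowly matched permit that is logged and counted, and a final logged deny. The zone names, policy names, the address-book entry internal-hosts and the alarm threshold values are assumptions; junos-https is a predefined application and any is the built-in wildcard.

```junos
/* Added example. Zone, policy and address names are assumptions. */
security {
    policies {
        /* Traffic that matches no policy is dropped. */
        default-policy {
            deny-all;
        }
        from-zone trust to-zone untrust {
            /* Permit only HTTPS from a defined set of internal hosts. */
            policy allow-web-out {
                match {
                    source-address internal-hosts;
                    destination-address any;
                    application junos-https;
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                    count {
                        alarm {
                            /* Constructed values; tune to the site's baseline. */
                            per-minute-threshold 600;
                            per-second-threshold 20;
                        }
                    }
                }
            }
            /* Denied sessions never close, so log them at session-init. */
            policy deny-rest {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```

Policies within a zone pair are evaluated in order, so the logged deny has to stay last; without it, traffic falling through to default-policy is dropped without a policy log entry.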