
policy

See the following sections:

policy (IKE)

Syntax

policy policy-name {
    certificate {
        local-certificate certificate-id;
        peer-certificate-type (pkcs7 | x509-signature);
        trusted-ca (ca-index | use-all);
    }
    description description;
    mode (aggressive | main);
    pre-shared-key (ascii-text | hexadecimal);
    proposal-set <basic | compatible | standard>;
}

Hierarchy Level

[edit security ike]

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Configure an IKE policy.

This statement is supported on J-series and SRX-series devices.

Options

policy-name—Name of the IKE policy. The policy name can be up to 32 alphanumeric characters long.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

policy (IPsec)

Syntax

policy policy-name {
    description description;
    perfect-forward-secrecy keys (group1 | group2 | group5);
    proposal-set (basic | compatible | standard);
}

Hierarchy Level

[edit security ipsec]

Release Information

Statement modified in Release 8.5 of JUNOS software.

Description

Define an IPsec policy.

This statement is supported on J-series and SRX-series devices.

Options

policy-name—Name of the IPsec policy.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

policy (Security)

Syntax

policy policy-name {
    match {
        application [ application-name-or-set ];
        destination-address {
            address-name;
        }
        source-address {
            address-name;
        }
    }
    scheduler-name scheduler-name;
    then {
        count {
            alarm {
                per-minute-threshold number;
                per-second-threshold number;
            }
        }
        (deny | reject);
        permit {
            application-services (wx-redirect | wx-reverse-redirect);
            destination-address {
                drop-translated;
                drop-untranslated;
            }
            destination-nat destination-name;
            firewall-authentication {
                pass-through {
                    access-profile profile-name;
                    client-match match-name;
                    web-redirect;
                }
                web-authentication {
                    client-match user-or-group;
                }
            }
            source-nat (pool pool-name | pool-set pool-set-name | interface);
            tunnel {
                ipsec-vpn vpn-name;
                pair-policy pair-policy;
            }
        }
        log {
            session-close;
            session-init;
        }
    }
}

Hierarchy Level

[edit security policies from-zone zone-name to-zone zone-name]

Release Information

Statement introduced in Release 8.5 of JUNOS software.

Description

Define a security policy.

This statement is supported on J-series and SRX-series devices.

Options

policy-name—Name of the security policy.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.
