Security Policy Schedulers Overview
Schedulers are powerful features that allow a policy to be activated for a specified duration. You can define schedulers for a single (nonrecurrent) or recurrent time slot within which a policy is active. You can create schedulers irrespective of a policy, meaning that a scheduler cannot be used by any policies. However, if you want a policy to be active within a scheduled time, then you must first create a scheduler.
When a scheduler times out, the associated policy is deactivated and all sessions associated with the policy are also timed out.
If a policy contains a reference to a scheduler, the schedule determines when the policy is active, that is, when it can be used as a possible match for traffic. Schedulers allow you to restrict access to a resource for a period of time or remove a restriction.
The following guidelines apply to schedulers:
- A scheduler can have multiple policies associated with it; however, a policy cannot be associated with multiple schedulers.
- A policy is active during the time when the scheduler it refers to is also active.
- When a scheduler is off, the policy is unavailable for policy lookup.
A scheduler can be configured as one of the following:
- Scheduler can be active for a single time slot, as specified by a start date and time and a stop date and time.
- Scheduler can be active forever (recurrent), but as specified by the daily schedule. The schedule on a specific day (time slot) takes priority over the daily schedule.
- Scheduler can be active within a time slot as specified by the weekday schedule.
- Scheduler can have a combination of two time slots (daily and timeslot).
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- Security Policies Overview
- Example: Configuring Schedulers (CLI)
- Example: Associating a Policy to a Scheduler (CLI)
- Verifying Scheduled Policies