Adding a Security Zone
A security zone is a collection of one or more network segments requiring the regulation of inbound and outbound traffic through policies. Security zones are logical entities to which one or more interfaces are bound. You can define multiple security zones, the exact number of which you determine based on your network needs.
An interface for a security zone can be thought of as a doorway through which TCP/IP traffic can pass between that zone and any other zone. Through the policies you define, you can permit traffic between zones to flow in one direction or in both. With the routes that you define, you specify the interfaces that traffic from one zone to another must use. Because you can bind multiple interfaces to a zone, the routes you chart are important for directing traffic to the interfaces of your choice. An interface can be configured with an IPv4 address, IPv6 address, or both.
Security zones have the following properties:
- Policies: Active security policies that enforce rules for the transit traffic, in terms of what traffic can pass through the firewall, and the actions that need to take place on the traffic as it passes through the firewall.
- Screens: A Juniper Networks stateful firewall secures a network by inspecting, and then allowing or denying, all connection attempts that require passage from one security zone to another. For every security zone, you can enable a set of predefined screen options that detect and block various kinds of traffic that the device determines as potentially harmful.
- TCP-RST: When this feature is enabled, the system sends a TCP segment with the RESET flag set when traffic arrives that does not match an existing session and does not have the SYNchronize flag set.
- Interfaces: List of interfaces in the zone.
Use this page to configure zones and assign interfaces to them.
To create a security zone:
Field | Description |
---|---|
General Information | |
Name | Enter a unique string of alphanumeric characters and some special characters, such as dashes and underscores. The maximum length is 31 characters. |
Description | Enter a description for the zone; the maximum length is 900 characters. |
Application Tracking | Select the checkbox to maintain application usage statistics on a device. |
Interfaces | From the list of interfaces in the Available column, select the interfaces that you want to include in the new zone and click the greater-than icon (>). The selected interfaces are moved to the Selected column. |
System Services | From the list of system services in the Available column, select the system services that you want to include in the new zone and click the greater-than icon (>). The selected system services are moved to the Selected column. |
Is Except | Select the checkbox to disable specific incoming system service traffic. This option applies only when the all system services option is defined. |
Protocols | From the list of protocols in the Available column, select the protocols that you want to include in the new zone and click the greater-than icon (>). The selected protocols are moved to the Selected column. |
Is Except | Select this option to disable specific incoming protocol traffic. This option applies only when the all protocols option is defined. |
Traffic Control Options | |
TCP RST | Select the checkbox to enable sending TCP packets with the RST (reset) flag set to 1 in response to TCP packets that have any flag other than SYN set and do not belong to an existing session. |
Screen | Enter a predefined security screen for a security zone to detect and block various kinds of traffic that the device determines as potentially harmful. |
Interface Services and Protocols | View the summary of interface, services and protocols for your device. |
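
The fields in this table have direct counterparts under `security zones security-zone` in Junos OS, which makes the effect of Is Except easier to see. The sketch below is an added example, not taken from this guide or from the portal's own code: it validates the form values and renders the equivalent `set` commands, assuming the managed device runs Junos OS. The dictionary keys, function names, sample zone, and the exact name pattern are assumptions.

```python
import re

# Assumption: the guide allows alphanumerics plus "some special characters,
# such as dashes and underscores"; this pattern admits only those two.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,31}")

def host_inbound(kind, selected, excepted):
    """Render one host-inbound-traffic list (system-services or protocols)."""
    if excepted and "all" not in selected:
        # Is Except is meaningful only when the "all" option is selected.
        raise ValueError(f"{kind}: 'Is Except' needs the 'all' option selected")
    lines = [f"host-inbound-traffic {kind} {item}" for item in selected]
    lines += [f"host-inbound-traffic {kind} {item} except" for item in excepted]
    return lines

def zone_to_set_commands(zone):
    """Validate the form fields and return Junos 'set' commands for the zone."""
    name = zone["name"]
    if not NAME_RE.fullmatch(name):
        raise ValueError("name: 1-31 characters, letters, digits, '-' or '_'")
    description = zone.get("description", "")
    if len(description) > 900:
        raise ValueError("description: maximum length is 900 characters")
    body = []
    if description:
        body.append(f'description "{description}"')
    if zone.get("application_tracking"):
        body.append("application-tracking")
    body += [f"interfaces {ifname}" for ifname in zone.get("interfaces", [])]
    body += host_inbound("system-services", zone.get("system_services", []),
                         zone.get("system_services_except", []))
    body += host_inbound("protocols", zone.get("protocols", []),
                         zone.get("protocols_except", []))
    if zone.get("tcp_rst"):
        body.append("tcp-rst")
    if zone.get("screen"):
        body.append(f"screen {zone['screen']}")
    prefix = f"set security zones security-zone {name} "
    return [prefix + line for line in body]

# Constructed sample zone: accept all system services except telnet.
SAMPLE_ZONE = {
    "name": "branch-lan", "description": "Branch LAN segment",
    "interfaces": ["ge-0/0/1.0"], "system_services": ["all"],
    "system_services_except": ["telnet"], "protocols": ["all"],
    "tcp_rst": True, "screen": "branch-screen",
}

if __name__ == "__main__":
    print("\n".join(zone_to_set_commands(SAMPLE_ZONE)))
```

The screen name in the sample must refer to a screen that already exists on the device; the sketch does not check that.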