policy (Security Policies)
Syntax
policy policy-name {
    description description;
    match {
        application {
            [application];
            any;
            junos-twamp;
        }
        destination-address {
            [address];
            any;
            any-ipv4;
            any-ipv6;
        }
        source-address {
            [address];
            any;
            any-ipv4;
            any-ipv6;
        }
        source-identity {
            [role-name];
            any;
            authenticated-user;
            unauthenticated-user;
            unknown-user;
        }
    }
    scheduler-name scheduler-name;
    then {
        count {
            alarm {
                per-minute-threshold number;
                per-second-threshold number;
            }
        }
        deny;
        log {
            session-close;
            session-init;
        }
        permit {
            application-services {
                application-firewall {
                    rule-set rule-set-name;
                }
                application-traffic-control {
                    rule-set rule-set-name;
                }
                gprs-gtp-profile profile-name;
                gprs-sctp-profile profile-name;
                idp;
                redirect-wx | reverse-redirect-wx;
                ssl-proxy {
                    profile-name profile-name;
                }
                uac-policy {
                    captive-portal captive-portal;
                }
                utm-policy policy-name;
            }
            destination-address {
                drop-translated;
                drop-untranslated;
            }
            firewall-authentication {
                pass-through {
                    access-profile profile-name;
                    client-match user-or-group-name;
                    web-redirect;
                }
                user-firewall {
                    access-profile profile-name;
                    domain domain-name ssl-termination-profile profile-name;
                }
                web-authentication {
                    client-match user-or-group-name;
                }
            }
            services-offload;
            tcp-options {
                initial-tcp-mss mss-value;
                reverse-tcp-mss mss-value;
                sequence-check-required;
                syn-check-required;
            }
            tunnel {
                ipsec-group-vpn group-vpn;
                ipsec-vpn vpn-name;
                pair-policy pair-policy;
            }
        }
        reject;
    }
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name]
Description
Define a security policy.
Options
policy-name
Name of the security policy.
description
Descriptive text about the security policy. Range: 1 through 900 characters.
The descriptive text should not include characters “<”, “>”, “&”, or “\n”. The upper limit of the description text range is related to character encoding, and is therefore dynamic. However, if you configure the descriptive text length beyond 900 characters, the configuration might fail to take effect.
The remaining statements are explained separately. See CLI Explorer.
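The following configuration is an added example, not taken from the Juniper documentation, showing a permit policy followed by an explicit logged deny built only from statements in the syntax above. The zone names trust and untrust, the policy names, and the address-book entry internal-net are assumptions and must already exist in your configuration.

```junos
security {
    policies {
        from-zone trust to-zone untrust {
            /* Policies in a zone pair are evaluated top to bottom; first match wins. */
            policy allow-web-out {
                /* Description stays well under 900 characters and avoids <, >, & and newlines. */
                description "Permit outbound web traffic from internal hosts";
                match {
                    source-address internal-net;
                    destination-address any;
                    application [ junos-http junos-https ];
                }
                then {
                    permit;
                    /* session-close records the full flow, including byte counts, when it ends. */
                    log {
                        session-close;
                    }
                    count;
                }
            }
            policy deny-all-logged {
                description "Explicit deny so that dropped traffic is logged";
                match {
                    source-address any;
                    destination-address any;
                    application any;
                }
                then {
                    deny;
                    /* A denied packet never creates a session, so log at session-init. */
                    log {
                        session-init;
                    }
                }
            }
        }
    }
}
```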
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. The services-offload option added in Junos OS Release 11.4. Statement updated with the source-identity option and the description option added in Junos OS Release 12.1. Support for the user-firewall option added in Junos OS Release 12.1X45-D10. Support for the initial-tcp-mss and reverse-tcp-mss options added in Junos OS Release 12.3X48-D20. The junos-twamp application is introduced in Junos OS Release 18.2R1.