then (Security Policies)
Syntax
then {
count {
alarm {
per-minute-threshold number;
per-second-threshold number;
}
}
deny;
log {
session-close;
session-init;
}
permit {
application-services {
application-firewall {
rule-set rule-set-name;
}
application-traffic-control {
rule-set rule-set-name;
}
gprs-gtp-profile profile-name;
gprs-sctp-profile profile-name;
idp;
redirect-wx | reverse-redirect-wx;
ssl-proxy {
profile-name profile-name;
}
uac-policy {
captive-portal captive-portal;
}
utm-policy policy-name;
}
destination-address {
drop-translated;
drop-untranslated;
}
firewall-authentication {
pass-through {
access-profile profile-name;
client-match user-or-group-name;
ssl-termination-profile profile-name;
web-redirect;
web-redirect-to-https;
}
user-firewall {
access-profile profile-name;
domain domain-name
ssl-termination-profile profile-name;
}
web-authentication {
client-match user-or-group-name;
}
}
services-offload;
tcp-options {
initial-tcp-mss mss-value;
reverse-tcp-mss mss-value;
sequence-check-required;
syn-check-required;
}
tunnel {
ipsec-group-vpn group-vpn;
ipsec-vpn vpn-name;
pair-policy pair-policy;
}
}
reject;
}
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name]
Description
Specify the policy action to be performed when packets match the defined criteria.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 8.5. Support for the services-offload option added in Junos OS Release 11.4. Support
for the ssl-termination-profile and web-redirect-to-https options added in Junos OS Release 12.1X44-D10. Support for the user-firewall option added in Junos OS Release 12.1X45-D10.
Support for the initial-tcp-mss and reverse-tcp-mss options added in Junos OS Release 12.3X48-D20.
threshold-logging-interval
Syntax
threshold-logging-interval <minutes>
Hierarchy Level
[edit tenants tenant name security idp sensor-configuration packet-log] [edit logical system logical system name security idp sensor-configuration packet-log]
Description
The minimum time interval in minutes between log messages for maximum sessions or memory reached.
Options
minutes-Interval to generate syslog messages
when configured packet-log total memory or max-sessions is reached.
-
Range 1 to 60
-
Default 15
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 21.3