policy (Explicit-Proxy)
Syntax
policy name {
description description;
match {
destination-address;
destination-address-excluded;
destination-identity-feed [ destination-identity-feed ... ];
dynamic-application;
application;
source-address;
source-address-excluded;
source-identity;
source-identity-feed [ source-identity-feed ... ];
source-end-user-profile< source-end-user-profile-name>;
url-category;
}
report-skip;
scheduler-name scheduler-name;
then {
deny {
application-services {
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
}
}
log {
profile profile;
session-close;
session-init;
session-update minutes;
}
permit {
advanced-connection-tracking;
application-services {
advanced-anti-malware-policy advanced-anti-malware-policy;
anti-virus-policy anti-virus-policy;
application-traffic-control {
rule-set rule-set;
}
captive-portal {
profile profile;
}
icap-redirect icap-redirect;
idp-policy idp-policy;
packet-capture;
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
security-intelligence-policy security-intelligence-policy;
ssl-proxy {
profile-name profile-name;
}
utm-policy utm-policy;
destination-address {
(drop-translated | drop-untranslated);
}
firewall-authentication {
pass-through {
access-profile access-profile;
auth-only-browser;
auth-user-agent name;
client-match [ client-match ... ];
ssl-termination-profile ssl-termination-profile;
web-authentication-server web-authentication-server;
web-redirect;
web-redirect-to-https;
}
user-firewall {
access-profile access-profile;
auth-only-browser;
auth-user-agent name;
domain domain;
ssl-termination-profile ssl-termination-profile;
web-authentication-server web-authentication-server;
web-redirect;
web-redirect-to-https;
}
web-authentication {
client-match [ client-match ... ];
}
push-to-identity-management;
}
no-services-offload;
tcp-options {
initial-tcp-mss initial-tcp-mss;
reverse-tcp-mss reverse-tcp-mss;
sequence-check-required;
syn-check-required;
window-scale;
}
tunnel {
ipsec-vpn ipsec-vpn;
pair-policy pair-policy;
}
tunnel-inspection profile-name;
}
reject {
application-services {
security-intelligence {
add-destination-identity-to-feed name-of-feed;
add-destination-ip-to-feed name-of-feed;
add-source-identity-to-feed name-of-feed;
add-source-ip-to-feed name-of-feed;
}
}
profile profile;
ssl-proxy {
profile-name profile-name;
}
}
}
}Hierarchy Level
[edit security policies explicit-proxy profile]
Description
Define a explicit proxy profiles policies.
Options
| name |
Security policy name. Range: 1 through 63 characters |
| description | Text description of policy. The descriptive text should not include characters “<”, “>”, “&”, or “\n”.The upper limit of the description text range is related to character encoding, and is therefore dynamic. However, if you configure the descriptive text length beyond 900 characters, the configuration might fail to take effect. Range: 1 through 900 characters |
| report-skip |
Skip report for this policy |
| scheduler-name |
Name of scheduler |
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 23.4R1.