About the Security Policies Page
You are here: Security Policies & Objects > Security Policies.
Use this page to get a high-level view of your firewall policy rule settings. The security policy applies the security rules to the transit traffic within a context (from-zone to to-zone). The traffic is classified by matching its source and destination zones, the source and destination addresses, and the application that the traffic carries in its protocol headers against the policy database in the data plane.
Using a global policy, you can regulate traffic with addresses and applications, regardless of their security zones, by referencing user-defined addresses or the predefined address “any.” These addresses can span multiple security zones.
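The classification described above, modelled as an added example (not Juniper code). It assumes Junos behaviour that this page does not state: rules in a zone context are evaluated in sequence order with the first match winning, global rules are consulted only after the zone context, and unmatched traffic falls to a default deny. The address book, rule names and flows are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address book: names and prefixes are sample values.
ADDRESS_BOOK = {
    "any": ["0.0.0.0/0"],
    "lan-users": ["10.1.0.0/16"],
    "quarantine": ["10.1.9.0/24"],
    "web-servers": ["192.0.2.0/28"],
}

@dataclass
class Rule:
    name: str
    src: str     # address-book name
    dst: str     # address-book name
    app: str     # application name, or "any"
    action: str  # permit, deny or reject

def in_book(name, ip):
    """True if ip falls inside any prefix of the named address-book entry."""
    return any(ip_address(ip) in ip_network(net) for net in ADDRESS_BOOK[name])

def matches(rule, flow):
    return (in_book(rule.src, flow["src"]) and in_book(rule.dst, flow["dst"])
            and rule.app in ("any", flow["app"]))

# Rules per zone context (from-zone, to-zone), listed in sequence order.
ZONE_RULES = {
    ("trust", "dmz"): [
        Rule("block-quarantine", "quarantine", "any", "any", "deny"),
        Rule("allow-web", "lan-users", "web-servers", "junos-https", "permit"),
    ],
}
# Global rules match on addresses and applications only, whatever the zones.
GLOBAL_RULES = [Rule("global-dns", "any", "any", "junos-dns-udp", "permit")]

def classify(flow):
    """Return (rule name, action) for a flow; the first matching rule wins."""
    context = ZONE_RULES.get((flow["from_zone"], flow["to_zone"]), [])
    for rule in context + GLOBAL_RULES:  # assumption: zone context, then global
        if matches(rule, flow):
            return rule.name, rule.action
    return "default-policy", "deny"      # assumption: default deny
```

Because 10.1.9.0/24 sits inside 10.1.0.0/16, placing allow-web above block-quarantine in the sequence would permit HTTPS from quarantined hosts, which is why the order of rules within a zone context matters.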
Tasks You Can Perform
You can perform the following tasks from this page:
- Add Global Options. See Global Options.
- Add a Rule. See Add a Rule.
- Edit a Rule. See Edit a Rule.
- Clone a Rule. See Clone a Rule.
- Delete a Rule. See Delete Rules.
- To save the rules configuration, click Save.
- To delete the rules configuration, click Discard.
- Drag and drop the rules within a zone context. To do this, select the rule that you want to place at a different sequence number within a zone context, and then drag and drop it using the cursor.

  Note: If you drag and drop a rule outside the zone context, J-Web displays a warning message that you cannot move the rule into another zone context.
- Advanced search for policy rules. To do this, use the search text box above the table grid. The search includes the logical operators as part of the filter string. An example filter condition is displayed in the search text box when you hover over the Search icon. When you start entering the search string, the icon indicates whether the filter string is valid or not.

  For an advanced search:

  1. Enter the search string in the text box.

     Based on your input, a list of items from the filter context menu appears.
  2. Select a value from the list and then select a valid operator based on which you want to perform the advanced search operation.

     Note: Press Spacebar to add an AND operator or OR operator to the search string. Press Backspace to delete a character of the search string.
  3. Press Enter to display the search results in the grid.

  The supported search scenarios and their examples are as follows:

  - Logical operators:
    - AND operator for multiple parameters

      Example: Name = Rule1 AND Dynamic Application = Malware
    - OR operator for same and different parameters

      Example for same parameters: Name = Rule1 OR Name = Rule2

      Example for different parameters: Name = Rule1 OR Dynamic Application = Malware
    - Combination of AND and OR operators

      Example: Name = Rule1 AND (Dynamic Application = Malware OR Action = Reject)
  - Comma (,) separated value

    Example: Name = Rule1, Rule2
  - != operator for single parameter

    Example: Name != Rule1
  - Dynamic applications or service objects with matching characters of Junos

    When you search for the matching characters of Junos, such as jun, un, nos, and os, the result displays all the matched objects but without the junos prefix. For example, if the configured dynamic application is junos:01NET, a search for dynamic applications with the characters jun displays only 01NET.
  - Saved policy rules

    When you add or edit a rule, click Save to save the configuration. To search for this saved configuration, you must wait for the device to synchronize the configuration.
- Show or hide columns in the policy rule table. To do this, click the Show Hide Columns icon in the top right corner of the policy rule table and select the columns you want to display or deselect the columns you want to hide on the page.
Table 1 describes a few more options on Rules.
Field | Description |
---|---|
Create Rule Before | Adds a new rule before the selected rule. To add a new rule before the selected rule: |
Create Rule After | Adds a new rule after the selected rule. To add a new rule after the selected rule: |
Clone | Clones or copies the selected firewall policy configuration and enables you to update the details of the rule. |
Clear All | Clears the selection of those rules that are selected. |
Field Descriptions
Table 2 describes the fields on the Security Policies page.
On the Security Policies page:
- For logical systems and tenants, the URL Categories option will not be displayed.
- For tenants, the Dynamic Application option will not be displayed.
Field | Description |
---|---|
Seq | Displays the sequence number of rules in a zone pair. |
Hits | Displays the number of hits the rule has encountered. |
Rule Name | Displays the rule name. You can hover over the name column to view the rule name and its description. |
Source Zone | Displays the source zone that is specified in the zone pair for the rule. |
Source Address | Displays the name of the source address or address set for the rule. |
Source Identity | Displays the user identity of the rule. |
Destination Zone | Displays the destination zone that is specified in the zone pair for the rule. |
Destination Address | Displays the name of the destination address or address set for the rule. |
Dynamic Application | Displays the dynamic application names used as match criteria in the application firewall rule set. An application firewall configuration permits, rejects, or denies traffic based on the application of the traffic. |
Services | Displays the type of service for the destination of the rule. |
URL Category | Displays the URL category used as match criteria for the web filtering category. |
Action | Displays the actions that need to take place on the traffic as it passes through the firewall. |
Advanced Security | Displays the security options that apply to this rule. |
Rule Options | Displays the rule option while permitting the traffic. |
Schedule | Displays the scheduler details that allow a policy to be activated for a specified duration. You can define schedulers for a single (nonrecurrent) or recurrent time slot within which a policy is active. |