Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

About the Security Policies Page

You are here: Security Policies & Objects > Security Policies.

Use this page to get a high-level view of your firewall policy rules settings. The security policy applies the security rules to the transit traffic within a context (from-zone to to-zone). The traffic is classified by matching its source and destination zones, the source and destination addresses, and the application that the traffic carries in its protocol headers with the policy database in the data plane.

Using a global policy, you can regulate traffic with addresses and applications, regardless of their security zones, by referencing user-defined addresses or the predefined address “any.” These addresses can span multiple security zones.

Tasks You Can Perform

You can perform the following tasks from this page:

  • Add Global Options. See Global Options.

  • Add a Rule. See Add a Rule.

  • Edit a Rule. See Edit a Rule.

  • Clone a Rule. See Clone a Rule.

  • Delete a Rule. See Delete Rules.

  • To save the rules configuration, click Save.

  • To delete the rules configuration, click Discard.

  • Drag and drop the rules within a zone context. To do this, select the rule you want to place in a different sequence number within a zone context, drag and drop it using the cursor.

    Note:

    If you drag and drop a rule outside the zone context, J-Web will display a warning message that you cannot move the rule into another zone context.

  • Advanced search for policy rule. To do this, use the search text box present above the table grid. The search includes the logical operators as part of the filter string. An example filter condition is displayed in the search text box when you hover over the Search icon. When you start entering the search string, the icon indicates whether the filter string is valid or not.

    For an advanced search:

    1. Enter the search string in the text box.

      Based on your input, a list of items from the filter context menu appears.

    2. Select a value from the list and then select a valid operator based on which you want to perform the advanced search operation.

      Note:

      Press Spacebar to add an AND operator or OR operator to the search string. Press backspace to delete a character of the search string.

    3. Press Enter to display the search results in the grid.

    The supported search scenarios and its examples are as follows:

    1. Logical operators:

      • AND operator for multiple parameters

        Example: Name = Rule1 AND Dynamic Application = Malware

      • OR operator for same and different parameters

        Example for same parameters: Name = Rule1 OR Name = Rule2

        Example for different parameters: Name = Rule1 OR Dynamic Application = Malware

      • Combination of AND and OR operators

        Example: Name = Rule1 AND (Dynamic Application = Malware OR Action = Reject)

      • Comma (,) separated value

        Example: Name = Rule1, Rule2

      • != operator for single parameter

        Example: Name != Rule1

    2. Dynamic applications or service objects with matching characters of Junos

      When you search for the matching characters of Junos, such as, jun, un, nos, and os, the result displays all the matched objects but without junos prefix. For example, if the configured dynamic application is junos:01NET, the search for dynamic applications with jun characters display only 01NET.

    3. Saved policy rules

      When you add or edit a rule, click Save to save the configuration. To search for this saved configuration, you must wait for the device to synchronize the configuration.

  • Show or hide columns in the policy rule table. To do this, click Show Hide Columns icon in the top right corner of the policy rule table and select the columns you want to display or deselect the columns you want to hide on the page.

Table 1 describes few more options on Rules.

Table 1: More Options on the Security Policies Page

Field

Description

Create Rule Before

Adds a new rule before the selected rule.

To add a new rule before the selected rule:

  1. Select an existing rule before which you want to create a rule.

  2. Click More > Create Rule Before.

    Alternatively, you can right-click on the selected rule and select Create Rule Before.

    Note:
    • When you create a new rule, it inherits the name, source zone, and destination zone same as parent (selected) rule. Source address and destination address will be any and the action will be Deny.

    • For global policy, source zone and destination zone will not be available.

  3. Click tick mark to create the new rule.

Create Rule After

Adds a new rule after the selected rule.

To add a new rule after the selected rule:

  1. Select an existing rule after which you want to create a rule.

  2. Click More > Create Rule After.

    Alternatively, you can right-click on the selected rule and select Create Rule After.

    Note:
    • When you create a new rule, it inherits the name, source zone, and destination zone same as parent (selected) rule. Source address and destination address will be any and the action will be Deny.

    • For global policy, source zone and destination zone will not be available.

  3. Click tick mark to create the new rule.

Clone

Clones or copies the selected firewall policy configuration and enables you to update the details of the rule.

Clear All

Clears the selection of those rules that are selected.

Field Descriptions

Table 2 describes the fields on the Security Policies page.

Note:

On the Security Policies page:

  • For logical systems and tenants, the URL Categories option will not be displayed.

  • For tenants, the Dynamic Application option will not be displayed.

Table 2: Fields on the Security Policies Page

Field

Description

Seq

Displays the sequence number of rules in a zone pair.

Hits

Displays the number of hits the rule has encountered.

Rule Name

Displays the rule name.

You can hover over the name column to view the rule name and its description.

Source Zone

Displays the source zone that is specified in the zone pair for the rule.

Source Address

Displays the name of the source address or address set for the rule.

Source Identity

Displays the user identity of the rule.

Destination Zone

Displays the destination zone that is specified in the zone pair for the rule.

Destination Address

Displays the name of the destination address or address set for the rule.

Dynamic Application

Displays the dynamic application names for match criteria in application firewall rule set.

An application firewall configuration permits, rejects, or denies traffic based on the application of the traffic.

Services

Displays the type of service for the destination of the rule.

URL Category

Displays the URL category that you want to match criteria for web filtering category.

Action

Displays the actions that need to take place on the traffic as it passes through the firewall.

Advanced Security

Displays the security option that apply for this rule.

Rule Options

Displays the rule option while permitting the traffic.

Schedule

Displays the scheduler details that allow a policy to be activated for a specified duration.

You can define schedulers for a single (nonrecurrent) or recurrent time slot within which a policy is active.