Global Options
You are here: Security Policies & Objects > Security Policies.
To add global options:
Table 1 describes the fields on the Global Options page.
Field | Action |
---|---|
Pre-id Default Policy | |
Session Timeout | |
ICMP | Enter the timeout value for ICMP sessions ranging from 4 through 86400 seconds. |
ICMP6 | Enter the timeout value for ICMP6 sessions ranging from 4 through 86400 seconds. |
OSPF | Enter the timeout value for OSPF sessions ranging from 4 through 86400 seconds. |
TCP | Enter the timeout value for TCP sessions ranging from 4 through 86400 seconds. |
UDP | Enter the timeout value for UDP sessions ranging from 4 through 86400 seconds. |
Others | Enter the timeout value for other sessions ranging from 4 through 86400 seconds. |
Logging | |
Session Initiate | Enable this option to start logging at the beginning of a session. Warning: Configuring session-init logging for the pre-id-default-policy can generate a large number of logs. |
Session Close | Enable this option to start logging at the closure of a session. Note: Configuring session-close logging ensures that the SRX Series Firewall generates the security logs if a flow is unable to leave the pre-id-default-policy. |
Flow | |
Aggressive Session Aging | Note: This option is not supported for logical systems and tenants. |
Early Ageout | Enter a value from 1 through 65,535 seconds. The default value is 20 seconds. Specifies the amount of time before the device aggressively ages out a session from its session table. |
Low watermark | Enter a value from 0 through 100 percent. The default value is 100 percent. Specifies the percentage of session table capacity at which the aggressive aging-out process ends. |
High watermark | Enter a value from 0 through 100 percent. The default value is 100 percent. Specifies the percentage of session table capacity at which the aggressive aging-out process begins. |
SYN Flood Protection | |
SYN Flood Protection | Enable this option to defend against SYN attacks. |
Mode | Select one of the following options: |
TCP MSS | |
All TCP Packets | Enter a maximum segment size value from 64 through 65,535 to override all TCP packets for network traffic. |
Packets entering IPsec Tunnel | Enter a maximum segment size value from 64 through 65,535 bytes to override all packets entering an IPsec tunnel. The default value is 1320 bytes. |
GRE Packets entering IPsec Tunnel | Enter a maximum segment size value from 64 through 65,535 bytes to override all generic routing encapsulation packets entering an IPsec tunnel. The default value is 1320 bytes. |
GRE Packets exiting IPsec Tunnel | Enter a maximum segment size value from 64 through 65,535 bytes to override all generic routing encapsulation packets exiting an IPsec tunnel. The default value is 1320 bytes. |
TCP Session | |
Sequence number check | By default, this option is enabled to check sequence numbers in TCP segments during stateful inspections. The device monitors the sequence numbers in TCP segments. |
SYN flag check | By default, this option is enabled to check the TCP SYN bit before creating a session. The device checks that the SYN bit is set in the first packet of a session. If it is not set, the device drops the packet. |
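
The Low watermark and High watermark fields in Table 1 form a hysteresis band: aggressive aging begins at the high watermark and ends at the low watermark. The following added example (not Juniper code) models that band over a series of session-table utilization samples so that candidate values can be checked before they are entered. The inclusive boundary comparisons, the `low <= high` requirement, and the sample utilization values are assumptions of this model, not statements from the page.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AgingConfig:
    # Defaults and ranges are taken from Table 1.
    early_ageout_s: int = 20
    low_watermark: int = 100   # percent of session table capacity
    high_watermark: int = 100  # percent of session table capacity

    def __post_init__(self):
        if not 1 <= self.early_ageout_s <= 65535:
            raise ValueError("early ageout must be 1..65535 seconds")
        for name in ("low_watermark", "high_watermark"):
            if not 0 <= getattr(self, name) <= 100:
                raise ValueError(f"{name} must be 0..100 percent")
        # Assumption of this model: the band must not be inverted.
        if self.low_watermark > self.high_watermark:
            raise ValueError("low watermark is above high watermark")


def aggressive_aging_states(cfg, utilization_pct):
    """Return one boolean per sample: is aggressive aging active?

    Aging starts when utilization reaches the high watermark and
    stays on until utilization falls to the low watermark
    (inclusive comparisons are an assumption).
    """
    active = False
    states = []
    for u in utilization_pct:
        if u >= cfg.high_watermark:
            active = True
        elif u <= cfg.low_watermark:
            active = False
        states.append(active)
    return states


if __name__ == "__main__":
    # Constructed utilization samples, in percent.
    samples = [50, 79, 80, 70, 61, 60, 75, 85]
    tuned = AgingConfig(early_ageout_s=20, low_watermark=60, high_watermark=80)
    for u, on in zip(samples, aggressive_aging_states(tuned, samples)):
        print(f"{u:3d}%  aggressive aging {'ON' if on else 'off'}")
```

With the default values of 100 percent for both watermarks, the model reports aggressive aging as active only on samples where the table is completely full.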