Creating Firewall Policies
Before You Begin
Read the Firewall Policies Overview topic.
Review the firewall policies main page for an understanding of your current data set. See Firewall Policies Main Page Fields for field descriptions.
Create source (from-zone) and destination (to-zone) zones.
Create addresses and address sets.
Create services (applications) and service sets (application sets).
Use the Create Firewall Policies page to configure group or device policies that determine all the network resources within your organization and that identify the required security level for those resources.
To create a firewall policy:
A new policy is created according to your configuration. You can use this policy to assign rules, profiles, and schedules. To enable a policy, you must assign it to a domain. See Assigning Policies and Profiles to Domains.
Setting | Guideline |
---|---|
General Information | |
Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters. |
Description | Enter a description for the group policy rules; maximum length is 255 characters. Comments entered in this field are sent to the device. |
Policy Options | |
Profile | Select a profile for the policy: |
Type | Select the type of policy you want to create: |
Device Selection | |
Devices | Starting in Junos Space Security Director Release 16.2, both SRX Series devices and MX Series routers are listed. When a policy is published to a device, device-specific rules are published to the appropriate SRX Series devices or MX Series routers. Select the devices on which the group policy will be published. For a group policy, you can include both SRX Series devices and MX Series routers. Select devices from the Available column and click the right arrow to move these devices to the Selected column. For a device-only policy, select the device with which you want to associate the policy. Note: You can also search for devices by entering the device name, device IP address, or device tags in the Search fields in the Devices area. Once the searched devices appear, you can move them to the Selected pane. Note: Starting in Junos Space Security Director Release 20.1R1, logical system (LSYS) is supported on devices running Junos OS Release 18.3 and later. Starting in Junos Space Security Director Release 21.2R1, tenant system (TSYS) is supported on devices running Junos OS Release 18.3 and later for SRX Series devices and Junos OS Release 20.1 and later for vSRX Virtual Firewall Series devices. |
Policy Sequence | |
Policy Placement | (For Group Policy only). Select Before Device Specific Policies or After Device Specific Policies. This decides the policy order when the device policy configuration information is updated on the devices. |
Policy Sequence No. | (For Group Policy only). Select this option to specify the order number for the policy. Policy lookup is performed in the order that the policies are configured. The first policy that matches the traffic is used. For more information, see Policy Ordering Overview. |
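
The following added example (not Security Director code) models how Policy Placement and Policy Sequence No. determine which policy wins under first-match lookup, and flags a later policy that an earlier one fully hides with the opposite action. It assumes lower sequence numbers are evaluated first within the same placement and reduces each policy to a single hypothetical (from-zone, to-zone, service) match; all policy names and data are constructed.

```python
from dataclasses import dataclass

ANY = "any"  # wildcard used in the constructed match tuples

@dataclass(frozen=True)
class Policy:
    name: str
    kind: str       # "group" or "device"
    placement: str  # group only: "before" or "after" device-specific policies
    seq: int        # group only: Policy Sequence No. (assumed: lower is evaluated first)
    match: tuple    # (from_zone, to_zone, service)
    action: str     # "permit" or "deny"

def effective_order(policies):
    """Group 'before' policies, then device-specific policies, then group 'after'."""
    bucket = {"before": 0, "device": 1, "after": 2}
    return sorted(policies, key=lambda p: (
        bucket[p.placement if p.kind == "group" else "device"], p.seq))

def covers(a, b):
    """True if match tuple a matches everything that tuple b matches."""
    return all(x == ANY or x == y for x, y in zip(a, b))

def first_match(policies, flow):
    """Return the first policy in effective order that matches a concrete flow."""
    return next((p for p in effective_order(policies) if covers(p.match, flow)), None)

def shadowed(policies):
    """(hidden, hidden_by) pairs: an earlier policy covers a later one, opposite action."""
    ordered, found = effective_order(policies), []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier.match, later.match) and earlier.action != later.action:
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample: a device-level deny hidden by a broader group permit placed before it.
SAMPLE = [
    Policy("dev-block-telnet", "device", "", 0, ("trust", "untrust", "telnet"), "deny"),
    Policy("grp-default-deny", "group", "after", 10, (ANY, ANY, ANY), "deny"),
    Policy("grp-allow-outbound", "group", "before", 20, ("trust", "untrust", ANY), "permit"),
    Policy("grp-block-smb", "group", "before", 10, (ANY, "untrust", "smb"), "deny"),
]

if __name__ == "__main__":
    print([p.name for p in effective_order(SAMPLE)])
    print(first_match(SAMPLE, ("trust", "untrust", "telnet")).name)
    print(shadowed(SAMPLE))
```

Running a check like this before publishing a group policy with the Before Device Specific Policies placement shows which device-specific denies would stop taking effect.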