Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Understanding Firewall Policy Profiles

When a firewall policy profile is created, Security Director creates an object in the Security Director database that represents the firewall policy profile. You can use this object in the security policies.

The following are the Juniper Networks predefined firewall policy profiles:

  • All Logging Enabled—All logging options are enabled. Logging is enabled at session initiation and at the close of the session.

  • All Logging Disabled—All logging options are disabled.

  • Log Session Close—Logging of events is enabled when sessions are closed.

  • Log Session Init—Logging of events is enabled when sessions are created.

Note:

You cannot modify or delete Juniper Networks predefined firewall policy profiles. You can only clone them and create new firewall policy profiles.

You can create an object, which defines the user defined policy profiles for the following settings:

  • Log options:

    • Log at session initiation

    • Log at the close of a session

    • Enable counting for the number of packets, bytes, and sessions that enter the firewall for a given policy

    • Alarm threshold options

  • Firewall authentication advance settings:

    • Service offload

    • Pass-through authentication

    • Web authentication

    • User firewall authentication

    • Infranet authentication

  • Traffic redirection options:

    • No traffic redirection

    • Redirect WX—WX redirection for packets that arrive from the LAN

    • Reverse Redirect WX—WX redirection for the reverse flow of packets that arrive from the WAN

    • TCP-SYN Check and TCP Sequence Check—TCP session options for firewall policy profile