Understanding Firewall Policy Profiles
When you create a firewall policy profile, Security Director creates an object in its database that represents the profile. You can then use this object in security policies.
The following are the Juniper Networks predefined firewall policy profiles:
All Logging Enabled—All logging options are enabled. Logging is enabled at session initiation and at the close of the session.
All Logging Disabled—All logging options are disabled.
Log Session Close—Logging of events is enabled when sessions are closed.
Log Session Init—Logging of events is enabled when sessions are created.
You cannot modify or delete Juniper Networks predefined firewall policy profiles. You can only clone them and create new firewall policy profiles.
You can create an object that defines a user-defined policy profile with the following settings:
Log options:
Log at session initiation
Log at the close of a session
Enable counting for the number of packets, bytes, and sessions that enter the firewall for a given policy
Alarm threshold options
Firewall authentication advance settings:
Service offload
Pass-through authentication
Web authentication
User firewall authentication
Infranet authentication
Traffic redirection options:
No traffic redirection
Redirect WX—WX redirection for packets that arrive from the LAN
Reverse Redirect WX—WX redirection for the reverse flow of packets that arrive from the WAN
TCP-SYN Check and TCP Sequence Check—TCP session options for the firewall policy profile