Help Center Managing Configuration Managing Firewall Policies

Contents

Hide Contents

Customer Portal Online Help
- About the Documentation
- Overview
  - Introduction
- Dashboard
  - Using the Dashboard
    - About the Customer Portal Dashboard
  - Managing Objects
- Monitoring the Customer Portal
  - Monitoring Security Alerts and Alarms
    - About the Monitor Overview Page
    - Security Alerts Overview
    - About the Generated Alerts Page
    - About the Security Alerts Definitions Page
    - Creating Security Alert Definitions
    - Editing and Deleting Security Alert Definitions
      - Editing Security Alert Definitions
      - Deleting Security Alert Definitions
    - Cloning Security Alert Definitions
  - Monitoring Security and Device Events
  - Monitoring SD-WAN Events
    - SD-WAN Events Overview
    - About the SD-WAN Events Page
  - Monitoring Applications
  - Monitoring Threats
    - About the Threats Map (Live) Page
  - Monitoring Jobs
    - About the Jobs Page
    - Editing and Deleting Scheduled Jobs
      - Editing Scheduled Jobs
      - Deleting Scheduled Jobs
    - Viewing Job Details
- Managing Resources
  - Managing Devices
    - Multidepartment CPE Device Support
    - About the Devices Page
    - Performing Return Material Authorization (RMA) for a Single-CPE Device
    - Performing Return Material Authorization (RMA) for Dual-CPE Devices
      - Performing RMA for an NFX Cluster
      - Performing RMA for an SRX Cluster
    - Granting RMA for a Device
    - Managing a Single CPE Device
    - Rebooting a CPE Device
  - Managing Device Images
- Managing Configuration
  - Managing Network Services
  - Managing Firewall Policies
    - Firewall Policy Overview
    - About the Firewall Policy Page
    - Creating Firewall Policy Intents
    - Editing, Cloning, and Deleting Firewall Policy Intents
    - Selecting Firewall Source
    - Selecting Firewall Destination
    - Firewall Policy Examples
    - Firewall Policy Schedules Overview
    - About the Firewall Policy Schedules Page
    - Creating Schedules
    - Editing, Cloning, and Deleting Schedules
  - Unified Threat Management
    - UTM Overview
    - Configuring UTM Settings
    - About the UTM Profiles Page
    - Creating UTM Profiles
    - Editing, Cloning, and Deleting UTM Profiles
      - Editing UTM Profiles
      - Cloning UTM Profiles
      - Deleting UTM Profiles
    - About the Web Filtering Profiles Page
    - Creating Web Filtering Profiles
    - Editing, Cloning, and Deleting Web Filtering Profiles
      - Editing Web Filtering Profiles
      - Cloning Web Filtering Profiles
      - Deleting Web Filtering Profiles
    - About the Antivirus Profiles Page
    - Creating Antivirus Profiles
    - Editing, Cloning, and Deleting Antivirus Profiles
      - Editing Antivirus Profiles
      - Cloning Antivirus Profiles
      - Deleting Antivirus Profiles
    - About the Antispam Profiles Page
    - Creating Antispam Profiles
    - Editing, Cloning, and Deleting Antispam Profiles
      - Editing Antispam Profiles
      - Cloning Antispam Profiles
      - Deleting Antispam Profiles
    - About the Content Filtering Profiles Page
    - Creating Content Filtering Profiles
    - Editing, Cloning, and Deleting Content Filtering Profiles
      - Editing Content Filtering Profiles
      - Cloning Content Filtering Profiles
      - Deleting Content Filtering Profiles
    - About the URL Patterns Page
    - Creating URL Patterns
    - Editing, Cloning, and Deleting URL Patterns
      - Editing URL Patterns
      - Cloning URL Patterns
      - Deleting URL Patterns
    - About the URL Categories Page
    - Creating URL Categories
    - Editing, Cloning, and Deleting URL Categories
      - Editing URL Categories
      - Cloning URL Categories
      - Deleting URL Categories
  - Managing SD-WAN
    - SLA Profiles and SD-WAN Policies Overview
    - About the SD-WAN Policy Page
    - Creating SD-WAN Policy Intents
    - Editing and Deleting SD-WAN Policy Intents
      - Editing SD-WAN Policy Intents
      - Deleting SD-WAN Policy Intents
    - About the Application SLA Profiles Page
    - Creating SLA Profiles
    - Editing and Deleting SLA Profiles
      - Editing an SLA Profile
      - Deleting SLA Profiles
  - Managing NAT Policies
    - NAT Policies Overview
    - About the NAT Policies Page
    - Creating NAT Policies
    - Editing and Deleting NAT Policies
      - Editing NAT Policies
      - Deleting NAT Policies
    - About the Single NAT Policy Page
    - Creating NAT Policy Rules
    - Editing, Cloning, and Deleting NAT Policy Rules
    - Deploying NAT Policy Rules
    - Selecting NAT Source
    - Selecting NAT Destination
    - NAT Pools Overview
    - About the NAT Pools Page
    - Creating NAT Pools
    - Editing, Cloning, and Deleting NAT Pools
  - Managing SSL Proxies
    - SSL Forward Proxy Overview
    - About the SSL Proxy Policy Page
    - Creating SSL Proxy Policy Intents
    - Editing, Cloning, and Deleting SSL Proxy Policy Intents
    - Understanding How SSL Proxy Policy Intents Are Applied
    - About the SSL Proxy Profiles Page
    - Creating SSL Forward Proxy Profiles
    - Editing, Cloning, and Deleting SSL Forward Proxy Profiles
    - Configuring and Deploying an SSL Forward Proxy Policy
  - Managing Shared Objects
    - Addresses and Address Groups Overview
    - About the Addresses Page
    - Creating Addresses or Address Groups
    - Editing, Cloning, and Deleting Addresses and Address Groups
    - Services and Service Groups Overview
    - About the Services Page
    - Creating Services and Service Groups
    - Creating Protocols
    - Editing and Deleting Protocols
      - Editing Protocols
      - Deleting Protocols
    - Editing, Cloning, and Deleting Services and Service Groups
    - Application Signatures Overview
    - About the Application Signatures Page
    - Creating Application Signature Groups
    - Editing, Cloning, and Deleting Application Signature Groups
    - About the Departments Page
    - Creating a Department
    - Modifying a Department
    - Deleting a Department
  - Managing Deployments
- Managing Sites and Site Groups
  - Managing Sites
  - Managing Site Groups
    - About the Site Groups Page
    - Creating Site Groups
- Viewing Reports
  - Security Reports
    - Reports Overview
    - About the Security Report Definitions Page
    - Performing Different Actions on Reports
    - About the Security Generated Reports Page
    - Creating Log Report Definition
    - Creating Bandwidth Report Definition
    - Editing and Deleting Log Report Definitions
      - Editing the Log Report Definition
      - Deleting Log Report Definitions
    - Editing and Deleting Bandwidth Report Definitions
      - Editing the Bandwidth Report Definition
      - Deleting Bandwidth Report Definitions
  - SD-WAN Reports
    - About the SD-WAN Report Definitions Page
    - Editing and Deleting SD-WAN Report Definitions
      - Editing the SD-WAN Report Definition
      - Deleting SD-WAN Report Definitions
    - Creating SD-WAN Tenant Performance Report Definition
    - Creating SD-WAN Site Performance Report Definition
    - About the SD-WAN Generated Reports Page
- Administration
  - Managing Tenant Users
    - Role-Based Access Control Overview
    - About the Tenant Users Page
    - Adding Tenant Users
    - Editing and Deleting Tenant Users
      - Editing Tenant Users
      - Deleting Tenant Users
  - Licenses
    - About the Licenses Page
  - Signature Database
  - Managing Certificates
    - Certificates Overview
    - About the Certificates Page
    - Importing a Certificate
    - Installing and Uninstalling Certificates
      - Installing a Certificate
      - Uninstalling a Certificate
  - Managing Juniper Identity Management Service

Hide Contents

Customer Portal Online Help
- About the Documentation
- Overview
  - Introduction
- Dashboard
  - Using the Dashboard
    - About the Customer Portal Dashboard
  - Managing Objects
- Monitoring the Customer Portal
  - Monitoring Security Alerts and Alarms
    - About the Monitor Overview Page
    - Security Alerts Overview
    - About the Generated Alerts Page
    - About the Security Alerts Definitions Page
    - Creating Security Alert Definitions
    - Editing and Deleting Security Alert Definitions
      - Editing Security Alert Definitions
      - Deleting Security Alert Definitions
    - Cloning Security Alert Definitions
  - Monitoring Security and Device Events
  - Monitoring SD-WAN Events
    - SD-WAN Events Overview
    - About the SD-WAN Events Page
  - Monitoring Applications
  - Monitoring Threats
    - About the Threats Map (Live) Page
  - Monitoring Jobs
    - About the Jobs Page
    - Editing and Deleting Scheduled Jobs
      - Editing Scheduled Jobs
      - Deleting Scheduled Jobs
    - Viewing Job Details
- Managing Resources
  - Managing Devices
    - Multidepartment CPE Device Support
    - About the Devices Page
    - Performing Return Material Authorization (RMA) for a Single-CPE Device
    - Performing Return Material Authorization (RMA) for Dual-CPE Devices
      - Performing RMA for an NFX Cluster
      - Performing RMA for an SRX Cluster
    - Granting RMA for a Device
    - Managing a Single CPE Device
    - Rebooting a CPE Device
  - Managing Device Images
- Managing Configuration
  - Managing Network Services
  - Managing Firewall Policies
    - Firewall Policy Overview
    - About the Firewall Policy Page
    - Creating Firewall Policy Intents
    - Editing, Cloning, and Deleting Firewall Policy Intents
    - Selecting Firewall Source
    - Selecting Firewall Destination
    - Firewall Policy Examples
    - Firewall Policy Schedules Overview
    - About the Firewall Policy Schedules Page
    - Creating Schedules
    - Editing, Cloning, and Deleting Schedules
  - Unified Threat Management
    - UTM Overview
    - Configuring UTM Settings
    - About the UTM Profiles Page
    - Creating UTM Profiles
    - Editing, Cloning, and Deleting UTM Profiles
      - Editing UTM Profiles
      - Cloning UTM Profiles
      - Deleting UTM Profiles
    - About the Web Filtering Profiles Page
    - Creating Web Filtering Profiles
    - Editing, Cloning, and Deleting Web Filtering Profiles
      - Editing Web Filtering Profiles
      - Cloning Web Filtering Profiles
      - Deleting Web Filtering Profiles
    - About the Antivirus Profiles Page
    - Creating Antivirus Profiles
    - Editing, Cloning, and Deleting Antivirus Profiles
      - Editing Antivirus Profiles
      - Cloning Antivirus Profiles
      - Deleting Antivirus Profiles
    - About the Antispam Profiles Page
    - Creating Antispam Profiles
    - Editing, Cloning, and Deleting Antispam Profiles
      - Editing Antispam Profiles
      - Cloning Antispam Profiles
      - Deleting Antispam Profiles
    - About the Content Filtering Profiles Page
    - Creating Content Filtering Profiles
    - Editing, Cloning, and Deleting Content Filtering Profiles
      - Editing Content Filtering Profiles
      - Cloning Content Filtering Profiles
      - Deleting Content Filtering Profiles
    - About the URL Patterns Page
    - Creating URL Patterns
    - Editing, Cloning, and Deleting URL Patterns
      - Editing URL Patterns
      - Cloning URL Patterns
      - Deleting URL Patterns
    - About the URL Categories Page
    - Creating URL Categories
    - Editing, Cloning, and Deleting URL Categories
      - Editing URL Categories
      - Cloning URL Categories
      - Deleting URL Categories
  - Managing SD-WAN
    - SLA Profiles and SD-WAN Policies Overview
    - About the SD-WAN Policy Page
    - Creating SD-WAN Policy Intents
    - Editing and Deleting SD-WAN Policy Intents
      - Editing SD-WAN Policy Intents
      - Deleting SD-WAN Policy Intents
    - About the Application SLA Profiles Page
    - Creating SLA Profiles
    - Editing and Deleting SLA Profiles
      - Editing an SLA Profile
      - Deleting SLA Profiles
  - Managing NAT Policies
    - NAT Policies Overview
    - About the NAT Policies Page
    - Creating NAT Policies
    - Editing and Deleting NAT Policies
      - Editing NAT Policies
      - Deleting NAT Policies
    - About the Single NAT Policy Page
    - Creating NAT Policy Rules
    - Editing, Cloning, and Deleting NAT Policy Rules
    - Deploying NAT Policy Rules
    - Selecting NAT Source
    - Selecting NAT Destination
    - NAT Pools Overview
    - About the NAT Pools Page
    - Creating NAT Pools
    - Editing, Cloning, and Deleting NAT Pools
  - Managing SSL Proxies
    - SSL Forward Proxy Overview
    - About the SSL Proxy Policy Page
    - Creating SSL Proxy Policy Intents
    - Editing, Cloning, and Deleting SSL Proxy Policy Intents
    - Understanding How SSL Proxy Policy Intents Are Applied
    - About the SSL Proxy Profiles Page
    - Creating SSL Forward Proxy Profiles
    - Editing, Cloning, and Deleting SSL Forward Proxy Profiles
    - Configuring and Deploying an SSL Forward Proxy Policy
  - Managing Shared Objects
    - Addresses and Address Groups Overview
    - About the Addresses Page
    - Creating Addresses or Address Groups
    - Editing, Cloning, and Deleting Addresses and Address Groups
    - Services and Service Groups Overview
    - About the Services Page
    - Creating Services and Service Groups
    - Creating Protocols
    - Editing and Deleting Protocols
      - Editing Protocols
      - Deleting Protocols
    - Editing, Cloning, and Deleting Services and Service Groups
    - Application Signatures Overview
    - About the Application Signatures Page
    - Creating Application Signature Groups
    - Editing, Cloning, and Deleting Application Signature Groups
    - About the Departments Page
    - Creating a Department
    - Modifying a Department
    - Deleting a Department
  - Managing Deployments
- Managing Sites and Site Groups
  - Managing Sites
  - Managing Site Groups
    - About the Site Groups Page
    - Creating Site Groups
- Viewing Reports
  - Security Reports
    - Reports Overview
    - About the Security Report Definitions Page
    - Performing Different Actions on Reports
    - About the Security Generated Reports Page
    - Creating Log Report Definition
    - Creating Bandwidth Report Definition
    - Editing and Deleting Log Report Definitions
      - Editing the Log Report Definition
      - Deleting Log Report Definitions
    - Editing and Deleting Bandwidth Report Definitions
      - Editing the Bandwidth Report Definition
      - Deleting Bandwidth Report Definitions
  - SD-WAN Reports
    - About the SD-WAN Report Definitions Page
    - Editing and Deleting SD-WAN Report Definitions
      - Editing the SD-WAN Report Definition
      - Deleting SD-WAN Report Definitions
    - Creating SD-WAN Tenant Performance Report Definition
    - Creating SD-WAN Site Performance Report Definition
    - About the SD-WAN Generated Reports Page
- Administration
  - Managing Tenant Users
    - Role-Based Access Control Overview
    - About the Tenant Users Page
    - Adding Tenant Users
    - Editing and Deleting Tenant Users
      - Editing Tenant Users
      - Deleting Tenant Users
  - Licenses
    - About the Licenses Page
  - Signature Database
  - Managing Certificates
    - Certificates Overview
    - About the Certificates Page
    - Importing a Certificate
    - Installing and Uninstalling Certificates
      - Installing a Certificate
      - Uninstalling a Certificate
  - Managing Juniper Identity Management Service

Firewall Policy Overview

Contrail Service Orchestration (CSO) provides the ability to create, modify, and delete firewall policy intents associated with a firewall policy. Firewall policies are presented as intent-based policies. A firewall policy intent controls transit traffic within a context that is derived out of the end-points defined in the intent. Intent-based firewall policies can incorporate both transport layer (Layer 4) and application layer (Layer 7) firewall constructs in a single intent. The underlying system, automatically analyzes the intent, translates them into the set of rules the devices understand. The choice of sequence and the assignment happens implicitly based on the endpoints in the intent definition. The intent consist of source and destination endpoints. Endpoints could be applications (L7), sites or site groups, IP address/address-groups, services, or departments.

Note: Intent based policies are not applicable for Hybrid WAN deployments.

Firewall policies provide security functionality by enforcing intents on traffic that passes through a device. Traffic is permitted or denied based on the action defined as the firewall policy intent.

A firewall policy provides the following features:

Permits, rejects, or denies traffic based on the application in use.
Identifies not only HTTP but also any application running on top of it, enabling you to properly enforce policies. For example, an application firewall intent could block HTTP traffic from Facebook but allow Web access to HTTP traffic from Microsoft Outlook.
Provides the ability to perform threat management on permitted traffic using UTM profiles. For more information on UTM profiles, see UTM Overview.

Related Documentation

Help us to improve. Rate this article.

Feedback Received. Thank You!

Previous

Managing Firewall Policies

Next

About the Firewall Policy Page

Related Topics

Need more help?

Ask questions in TechWiki

Contact Customer Support

Check documentation in TechLibrary

Rating by you:

X