Help Center User GuideGetting StartedFAQRelease Notes
User Guide
Getting Started
Release Notes

Firewall Policies Overview

Security Director provides you with four types of firewall policies:

The basic settings of a firewall policy are obtained from the policy profile. The basic settings include log options, firewall authentication schemes, and traffic redirection options.

Firewall policies are displayed in a tabular view. You can select a policy and apply rules either inline or using the + icon. For more information, see Creating Firewall Policy Rules.

Starting in Junos Space Security Director Release 19.3R1, you can assign IPS policy to the standard firewall policy rule. The CLI is generated for the IPS policy along with the standard firewall policy (to which the IPS policy is assigned) for devices with Junos OS Release 18.2 onward. Since the IPS policy name is directly used in the firewall policy rule, the [edit security idp active-policy policy-name] statement is deprecated in Junos OS Release 18.2 onward. You can import and convert the deprecated active policy CLI into a new CLI from Security Director. You can import the IPS policy for the deprecated active-policy for Junos OS version 18.2 and later. After the IPS policy is imported, the rules associated with the firewall policy for the device is updated with IPS policy details. On subsequent update from Security Director, you can see the new firewall policy CLIs, in preview, to attach IDP and the same can be updated to device.


  • In a device with Junos OS Release 18.2, you must assign same IPS policy to all the rules in the firewall policy, otherwise commit fails.

  • In a device with Junos OS Release 18.3 onward, you can assign different IPS policy to the rules in the firewall policy. You must set a default IDP policy, otherwise commit fails.

Related Documentation

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      

Additional Comments

800 characters remaining

May we contact you if necessary?


Need product assistance? Contact Juniper Support