Modifying the Zones Configuration for Security Devices
You can use the Zones section on the Modify Configuration page to modify the security zone configuration for a device. You can modify settings related to zone name, system services, protocols, application tracking, and associate screen to the zone.
Refer to the Junos OS documentation (available at http://www.juniper.net/documentation/en_US/release-independent/junos/information-products/pathway-pages/junos/product/) for a particular release and device. There you can find detailed information on the configuration parameters for that device.
To modify the zones parameters:
- Select Devices > Security Devices.
The Security Devices page appears.
- Select the devices whose configuration you want to modify.
- From the More or right-click menu, select Configuration > Modify Configuration.
The Modify Configuration page appears.
- Click the Screens.
The Screens page appears.
- Modify the configuration according to the guidelines provided in Table 1.
- After modifying the configuration, you can cancel the changes, save the changes, preview the changes, or save the changes and deploy the configuration on the device. See Modifying the Configuration of Security Devices.
Table 1: Zones Settings
Modify the zone name.
Modify the description of the zone.
Enable this option to maintain the application usage statistics on a device.
By default, when each session closes, application track generates a message that provides the byte and packet counts and duration of the session, and then sends the message to the syslog host device.
Select the interfaces from the Available column to include in the selected list for the zones.
Select this option to disable specific incoming system service traffic, but only when the all system services option is defined.
The following system services are supported:
Select this option to disable specific incoming protocol traffic, but only when the all protocol option is defined.
The following protocols are supported:
Traffic Control Options
Enable this option to send a TCP packet with the RST (reset) flag set to 1 in response to a TCP packet with any flag other than SYN set and that does not belong to an existing session.
Select a security screen for a security zone to detect and block various kinds of traffic that the device determines as potentially harmful.
Interface Services and Protocols
Display the selected interfaces and system services and protocols for the interface.