Creating Firewall Policies
Use the Create Firewall Policies page to configure group or device policies that determine all the network resources within your organization and that identify the required security level for those resources.
Before You Begin
- Read the Firewall Policies Overview topic.
- Review the firewall policies main page for an understanding of your current data set. See Firewall Policies Main Page Fields for field descriptions.
- Create source (from-zone) and destination (to-zone) zones.
- Create addresses and address sets.
- Create services (applications) and service sets (application sets).
To create a firewall policy:
- Select Configure > Firewall Policy > Standard Policies.
The Standard Policies page is displayed.
- Click the + icon.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK. A firewall policy is created. You can click on the policy to assign rules inline or select the policy and click the + icon to configure policy rules. See Creating Firewall Policy Rules.
A new policy is created according to your configuration. You can use this policy to assign rules, profiles, and schedules. To enable a policy, you must assign it to a domain. See Assigning Policies and Profiles to Domains.
Table 1: Firewall Policy Settings
Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters.
Enter a description for the group policy rules; maximum length is 255 characters. Comments entered in this field are sent to the device.
Select a profile for the policy:
Select the type of policy you want to create:
Starting in Junos Space Security Director Release 16.2, both SRX Series devices and MX Series routers are listed. When a policy is published to a device, device-specific rules are published to the appropriate SRX Series devices or MX Series routers.
Select the devices on which the group policy will be published. For a group policy, you can include both SRX Series devices and MX Series routers. Select devices from the Available column and click the right arrow to move these devices to the Selected column. For a device-only policy, select the device with which you want to associate the policy.
Note: You can also search for devices by entering the device name, device IP address, or device tags in the Search fields in the Devices area. Once the searched devices appear, you can move them to the Selected pane.
Note: Starting in Junos Space Security Director Release 20.1R1, logical system (LSYS) is supported on devices running Junos OS Release 18.3 and later.
Starting in Junos Space Security Director Release 21.2R1, tenant system (TSYS) is supported on devices running Junos OS Release 18.3 and later for SRX Series devices and Junos OS Release 20.1 and later for VSRX Series devices.
(For Group Policy only). Select Before Device Specific Policies or After Device Specific Policies. This determines the policy order when the device's policy configuration information is updated on the devices.
Policy Sequence No.
(For Group Policy only). Select this option to specify the order number for the policy. Policy lookup is performed in the order that the policies are configured. The first policy that matches the traffic is used. For more information, see Policy Ordering Overview.
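The Before/After Device Specific Policies choice and the sequence number, combined with first-match lookup, decide which rule actually handles a flow. The following added example (not Security Director code) models that ordering and reports rules that an earlier, broader rule makes unreachable. Assumptions: lower sequence numbers are evaluated first, unmatched traffic is denied, and the Rule/Policy classes, names, and addresses are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import ip_network

@dataclass
class Rule:
    name: str
    src: str      # source prefix
    dst: str      # destination prefix
    port: int     # 0 means any port
    action: str   # "permit" or "deny"

@dataclass
class Policy:
    name: str
    kind: str            # "group" or "device"
    priority: str = ""   # group only: "before" or "after" device-specific policies
    seq: int = 0         # group only: sequence number (assumed: lower is evaluated first)
    rules: list = field(default_factory=list)

def effective_order(policies):
    """Flatten to the rule order one device sees: before-group, device, after-group."""
    rank = {"before": 0, "device": 1, "after": 2}
    key = lambda p: (rank[p.priority if p.kind == "group" else "device"], p.seq)
    return [(p.name, r) for p in sorted(policies, key=key) for r in p.rules]

def covers(q, r):  # True if rule q matches every packet that rule r matches
    return (ip_network(r.src).subnet_of(ip_network(q.src))
            and ip_network(r.dst).subnet_of(ip_network(q.dst))
            and q.port in (0, r.port))

def lookup(policies, src, dst, port):
    probe = Rule("probe", f"{src}/32", f"{dst}/32", port, "")  # one IPv4 flow
    for pname, r in effective_order(policies):
        if covers(r, probe):                  # first matching rule wins
            return pname, r.name, r.action
    return None, None, "deny"                 # assumed default when nothing matches

def shadowed(policies):
    """Rules that can never match because an earlier rule covers them."""
    order = effective_order(policies)
    return [(f"{pn}/{r.name}", f"{qn}/{q.name}")
            for i, (pn, r) in enumerate(order)
            for qn, q in order[:i] if covers(q, r)]

# Constructed sample: a broad group permit placed before a device-specific deny.
POLICIES = [
    Policy("dev-srx1", "device", rules=[Rule("block-db", "10.0.0.0/8", "10.20.0.5/32", 5432, "deny")]),
    Policy("grp-baseline", "group", "before", 10, [Rule("allow-internal", "10.0.0.0/8", "10.0.0.0/8", 0, "permit")]),
    Policy("grp-cleanup", "group", "after", 10, [Rule("deny-all", "0.0.0.0/0", "0.0.0.0/0", 0, "deny")]),
]
```

In this sample, `shadowed(POLICIES)` reports that the device-specific `block-db` deny is unreachable behind the group permit; placing the same group policy after the device-specific policies restores the deny.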