Converting Standard Policy to Unified Policy
You can convert a traditional firewall policy to a unified policy. Unified policies are security policies that enable you to use the dynamic applications as match conditions as part of the existing 5-tuple or 6-tuple (5-tuple with user firewall) match conditions to detect application changes over time. If the traffic matches the security policy rule, one or more actions defined in the policy are applied to the traffic.
To convert a standard firewall policy to a unified policy:
- Select Configure>Firewall Policy>Standard Policies.
The Standard Policies page appears.
- Right-click a policy and select Convert to Unified
Policy or select Convert to Unified Policy from the
The Policy Conversion page appears.
- Select an application signature value:
None—By default the value of the dynamic application signatures is set to None. In this case, the value of service is retained in all rules in the policy.
Any—The value of the service is set to junos-defaults. This enables the firewall policy to use default protocols and ports of dynamic applications.
- Select an IDP policy.
If you select an IDP policy during conversion, all firewall policy rules with IPS ON will be set to OFF and the selected IDP policy will be assigned to the firewall policy rule. If you do not select an IDP policy during conversion, firewall policy rules with IPS ON will be retained as is.
- Click OK.
A job is created to convert the standard policy to an unified policy.
- Select Run now to run the job immediately or Schedule at a later time to run the job at a specified date
The Conversion page is displayed.
- Click the job ID to view the details of the job on the job management page.
Starting in Junos Space Security Director Release 20.1 onward, you can convert a standard policy with application firewall configuration to unified policy.