Creating Unified Firewall Policies
Group or device policies define which network resources in your organization are covered and which security level each of those resources requires.
A device that has both standard and unified policies can be imported into unified policies.
Before You Begin
Create source (from-zone) and destination (to-zone) zones.
Create addresses and address sets.
Create services (applications) and service sets (application sets).
To create a unified firewall policy:
- Select Configure>Firewall Policy>Unified Policies.
- Click the + icon.
- Complete the configuration according to the guidelines provided in Table 1.
- Click OK. A unified firewall policy is created. Select the policy and click the + icon to configure policy rules. See Creating Firewall Policy Rules.
You can use this policy to assign rules, profiles, and schedules. To enable the policy, you must assign it to a domain. See Assigning Policies and Profiles to Domains.
Table 1: Unified Firewall Policy Settings

Name
Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters.

Description
Enter a description for the policy; maximum length is 255 characters. Comments entered in this field are sent to the device.

Profile
Select a profile for the policy.

Type
Select the type of policy you want to create (group policy or device policy).

Devices
Starting in Junos Space Security Director Release 16.2, both SRX Series devices and MX Series routers are listed. When a policy is published, device-specific rules are published to the appropriate SRX Series devices or MX Series routers.
Select the devices on which the group policy will be published. For a group policy, you can include both SRX Series devices and MX Series routers. Select devices from the Available column and click the right arrow to move them to the Selected column. For a device policy, select the single device with which you want to associate the policy.
Note: You can also search for devices by entering the device name, device IP address, or device tags in the Search fields in the Devices area. Once the matching devices appear, you can move them to the Selected pane.
Only devices running Junos OS Release 18.2 or later can be assigned.
Note: Starting in Junos Space Security Director Release 20.1R1, logical systems (LSYS) are supported on devices running Junos OS Release 18.3 and later.
Starting in Junos Space Security Director Release 21.2R1, tenant systems (TSYS) are supported on SRX Series devices running Junos OS Release 18.3 and later and on vSRX devices running Junos OS Release 20.1 and later.

Policy order (group policy only)
Select Before Device Specific Policies or After Device Specific Policies. This decides whether the group policy is evaluated before or after the device-specific policies when the policy configuration is updated on the devices.

Policy Sequence No.
This is applicable for group policy only. Select this option to specify the order number for the policy. Policy lookup is performed in the order in which the policies are configured, and the first policy that matches the traffic is used, so a broad rule placed early shadows any more specific rule placed after it. For more information, see Policy Ordering Overview.
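The page describes the policy through the Security Director UI only. As an added example (not from this page and not Juniper's own sample), here is the Junos configuration that a published unified policy corresponds to on an SRX Series device (Junos OS Release 18.2 or later): the prerequisites listed under Before You Begin (zones, an address set, applications), a unified policy that matches on a dynamic application in addition to the zone, address and port match, and an explicit catch-all deny placed last so that the first-match lookup described under Policy Sequence No. behaves as intended. Zone names, interfaces, addresses and policy names are assumed for illustration.

```junos
/* Added example, not from this page: the Junos configuration a published
   unified policy corresponds to on an SRX Series device (Junos OS 18.2+).
   Zone names, interfaces, addresses and policy names are assumed. */
security {
    /* Prerequisites created beforehand in Security Director */
    zones {
        security-zone trust {
            interfaces {
                ge-0/0/1.0;
            }
        }
        security-zone untrust {
            interfaces {
                ge-0/0/0.0;
            }
        }
    }
    address-book {
        global {
            address corp-lan 10.1.0.0/16;
            address-set internal-nets {
                address corp-lan;
            }
        }
    }
    policies {
        from-zone trust to-zone untrust {
            /* Unified policy: Layer 3/4 match plus a Layer 7 dynamic-application
               match. Only flows that AppID classifies as HTTP or SSL are
               permitted on ports 80/443; anything else on those ports falls through. */
            policy allow-web {
                match {
                    source-address internal-nets;
                    destination-address any;
                    application [ junos-http junos-https ];
                    dynamic-application [ junos:HTTP junos:SSL ];
                }
                then {
                    permit;
                    log {
                        session-init;
                        session-close;
                    }
                }
            }
            /* Explicit catch-all deny. Lookup is first match, so this policy
               must stay after allow-web; placed before it, it shadows allow-web. */
            policy deny-rest {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    dynamic-application any;
                }
                then {
                    deny;
                    log {
                        session-init;
                    }
                }
            }
        }
        /* AppID needs the first few packets of a flow before a dynamic-application
           match can be evaluated; flows that are not yet identified are handled by
           the pre-ID default policy. Logging it keeps that traffic visible. */
        pre-id-default-policy {
            then {
                log {
                    session-close;
                }
            }
        }
    }
}
```

On the device, the order within a zone pair can be corrected explicitly with `insert security policies from-zone trust to-zone untrust policy deny-rest after policy allow-web`, and checked with `show security policies from-zone trust to-zone untrust` and `show security policies hit-count` after commit. In Security Director, the same ordering is controlled by the Policy Sequence No. and the before/after placement relative to device-specific policies in Table 1; a catch-all deny in a group policy placed Before Device Specific Policies will shadow every device-specific rule beneath it.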