Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

policy-rematch

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 8.5. Support for the extensive option added in Junos OS Release 15.1X49-D20.

Description

Enable the device to reevaluate an active session when its associated security policy is modified. The session remains open if it still matches the policy that allowed the session initially.

The session is closed if its associated policy is renamed, deactivated, or deleted. However, you can use the extensive option to reevaluate an active session when its associated security policy is renamed, deactivated, or deleted.

The policy rematch feature is disabled by default.

Options

extensiveEnable the device to reevaluate an active session when its associated security policy is modified, renamed, deactivated, or deleted. The session remains active if it matches another policy that allows the session.
Note

The extensive option does not apply to ALG data sessions or to policies that specify a source-identity, application-services, destination-address (drop-untranslated or drop-translated), firewall-authentication, or a tunnel.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.