Statement introduced in Junos OS Release 9.2. Starting in Junos OS Release 18.4R1, the reset-on-policy command is deprecated—rather than immediately removed—to provide backward compatibility and a chance to bring your configuration into compliance with the new configuration.
IDP keeps track of connections in a table. If enabled, the security module resets the flow table each time a security policy loads or unloads. If this setting is disabled, then the security module continues to retain a previous security policy until all flows referencing that security policy go away. Juniper Networks recommends that you keep this setting enabled to preserve memory.
When a new IDP policy is loaded, the existing sessions are inspected using the newly loaded policy and are not ignored for IDP processing. The reset-on-policy command determines whether IDP inspection of existing sessions continues with the newly loaded IDP policy. This command is disabled by default, and all existing sessions continue to be inspected with the newly loaded IDP policy.
In Junos OS Release 18.2R1-S1 and Junos OS Release 18.3R1, the no-reset-on-policy option is not supported on the SRX5000 line of devices with SRX5K-SPC3.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.