You are here: Security Policies & Objects > Security Policies.
Use this page to get a high-level view of your firewall policy rules settings. The security policy applies the security rules to the transit traffic within a context (from-zone to to-zone). The traffic is classified by matching its source and destination zones, the source and destination addresses, and the application that the traffic carries in its protocol headers with the policy database in the data plane.
Using a global policy, you can regulate traffic with addresses and applications, regardless of their security zones, by referencing user-defined addresses or the predefined address “any.” These addresses can span multiple security zones.
You can perform the following tasks from this page:
Add Global Options. See Global Options.
Add a Rule. See Add a Rule.
Edit a Rule. See Edit a Rule.
Clone a Rule. See Clone a Rule.
Delete a Rule. See Delete Rules.
To save the rules configuration, click Save.
To delete the rules configuration, click Discard.
Drag and drop the rules within a zone context. To do this, select the rule you want to place in a different sequence number within a zone context, drag and drop it using the cursor.
Note If you drag and drop a rule outside the zone context, J-Web will display a warning message that you cannot move the rule into another zone context.
Advanced search for policy rule. To do this, use the search text box present above the table grid. The search includes the logical operators as part of the filter string. An example filter condition is displayed in the search text box when you hover over the Search icon. When you start entering the search string, the icon indicates whether the filter string is valid or not.
For an advanced search:
Based on your input, a list of items from the filter context menu appears.
Note Press Spacebar to add an AND operator or OR operator to the search string. Press backspace to delete a character of the search string.
The supported search scenarios and its examples are as follows:
Logical operators:
AND operator for multiple parameters
Example: Name = Rule1 AND Dynamic Application = Malware
OR operator for same and different parameters
Example for same parameters: Name = Rule1 OR Name = Rule2
Example for different parameters: Name = Rule1 OR Dynamic Application = Malware
Combination of AND and OR operators
Example: Name = Rule1 AND (Dynamic Application = Malware OR Action = Reject)
Comma (,) separated value
Example: Name = Rule1, Rule2
!= operator for single parameter
Example: Name != Rule1
Dynamic applications or service objects with matching characters of Junos
When you search for the matching characters of Junos, such as, jun, un, nos, and os, the result displays all the matched objects but without junos prefix. For example, if the configured dynamic application is junos:01NET, the search for dynamic applications with jun characters display only 01NET.
Saved policy rules
When you add or edit a rule, click Save to save the configuration. To search for this saved configuration, you must wait for the device to synchronize the configuration.
Show or hide columns in the policy rule table. To do this, click Show Hide Columns icon in the top right corner of the policy rule table and select the columns you want to display or deselect the columns you want to hide on the page.
Table 174 describes few more options on Rules.
Table 174: More Options on the Security Policies Page
Field | Description |
|---|---|
Create Rule Before | Adds a new rule before the selected rule. ProcedureTo add a new rule before the selected rule:
|
Create Rule After | Adds a new rule after the selected rule. ProcedureTo add a new rule after the selected rule:
|
Clone | Clones or copies the selected firewall policy configuration and enables you to update the details of the rule. |
Clear All | Clears the selection of those rules that are selected. |
Table 175 describes the fields on the Security Policies page.
Note On the Security Policies page:
For logical systems and tenants, the URL Categories option will not be displayed.
For tenants, the Dynamic Application option will not be displayed.
Table 175: Fields on the Security Policies Page
Field | Description |
|---|---|
Seq | Displays the sequence number of rules in a zone pair. |
Hits | Displays the number of hits the rule has encountered. |
Rule Name | Displays the rule name. You can hover over the name column to view the rule name and its description. |
Source Zone | Displays the source zone that is specified in the zone pair for the rule. |
Source Address | Displays the name of the source address or address set for the rule. |
Source Identity | Displays the user identity of the rule. |
Destination Zone | Displays the destination zone that is specified in the zone pair for the rule. |
Destination Address | Displays the name of the destination address or address set for the rule. |
Dynamic Application | Displays the dynamic application names for match criteria in application firewall rule set. An application firewall configuration permits, rejects, or denies traffic based on the application of the traffic. |
Services | Displays the type of service for the destination of the rule. |
URL Category | Displays the URL category that you want to match criteria for web filtering category. |
Action | Displays the actions that need to take place on the traffic as it passes through the firewall. |
Advanced Security | Displays the security option that apply for this rule. |
Rule Options | Displays the rule option while permitting the traffic. |
Schedule | Displays the scheduler details that allow a policy to be activated for a specified duration. You can define schedulers for a single (nonrecurrent) or recurrent time slot within which a policy is active. |