Configuring Policies—Quick Configuration

You can use J-Web Quick Configuration to quickly configure security policies.

To configure security policies with Quick Configuration:

1. Select Configuration>Quick Configuration>Security Policies>Policies.
2. Select the Default Policy Action, Deny All or Permit All.
3. Select the zone direction (from zone and to zone) as shown in Figure 134. You must have preconfigured the security zones for which you want to set policies. For more information on zones, see Configuring Security Zones—Quick Configuration.

   Figure 134: Quick Configuration Policies Page for Security Policies

   

1. Click Show Configured Policies. The screen displays the message “ No policies have been defined for the selected zone direction.”
2. Click Add to configure a new policy.
3. Specify a policy name.
4. Specify a policy action. The form changes depending on the action specified (Selecting permit displays additional fields as shown in Figure 135). See Table 76 for the extended policy configuration fields.

   Figure 135: Security Policies Configuration

   

1. Optionally, you can select a scheduler name that you created earlier and whose schedule you want to associate with the policy. See Configuring Schedulers.
2. Click one of the following buttons:
   • To apply the configuration and stay on the Quick Configuration page, click Apply.
   • To apply the configuration and return to the main Configuration page, click OK.
   • To cancel your entries and return to the main page, click Cancel.

     Table 76: Security Policies Configuration Options

     Policy Action	Description
     Match Criteria	Source Address—Name of the source address or address set as entered in the source zone's address book. Destination Address—Name of the destination address or address set as entered in the destination zone's address book. Application—Name of a preconfigured or custom application or application set.
     Policy Action	Permit—Allows the packet to pass through the firewall. Reject—Blocks the packet from traversing the firewall. The firewall drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP destination unreachable, port unreachable message (type 3, code 3) for UDP traffic. For TCP and UDP traffic, the firewall drops the packet and notifies the source host as action Deny. Deny—Blocks and drops the packet from traversing the firewall, but does not send notification back to the source.
     IPsec-VPN Tunnel	Name of the IPsec-VPN tunnel.
     Pair Policy	Name of the policy with the same IPsec-VPN in the reverse direction to create a pair policy.
     Source NAT	Enable source Network Address Translation (NAT-src) and permit address and port translation on the permitted traffic.
     Destination NAT	Enable destination Network Address Translation (NAT-dst) and permit address and port translation on the permitted traffic.
     Firewall Authentication	Authenticate the client before forwarding the traffic. Two types of firewall authentication: Pass-through—Verifies traffic as it attempts to pass through the firewall. Web authentication—Verifies client authentication. For more information on authentication, see Firewall User Authentication Overview.
     Additional Policy Actions	Count—If count is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds. Log (session-init and session-close)—Logs session creation and session close events.
     Scheduler	Optionally, name a scheduler whose schedule determines when the policy is active.

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.