Reviewing the Firewall Rule Service for Exceptions to Stateful Firewalls

The SRC sample data provides one service for firewall exceptions, serviceName=FirewallRule, l=entJunos, o=Scopes, o=umc, that is designed to work with Enterprise Manager Portal. Do not modify the definition for this service or its associated policy.

You can modify the allowed priority ranges for the service. See Configuring Priorities for Stateless or Stateful Firewall Services.

Each subscription to this service adds a rule to the stateful firewall. The FirewallRule service and its associated policy are general and contain many parameters, such as the priority of the firewall exception and the action that the firewall should take. IT managers supply actual values for these parameters through Enterprise Manager Portal.

You can modify the priority ranges for this policy group if necessary; do not modify any other settings. The values for these parameters must be lower than the precedence settings for the policy rules in the basic firewall policy groups. This distinction allows the firewall exception to take priority over the basic firewalls. In the sample data, the FirewallRule service has priorities in the range 500–579.