
Configuring Policies—Quick Configuration

You can use J-Web Quick Configuration to quickly configure security policies.

To configure security policies in the J-Web user interface:

  1. Select Security>Policy>FW Policies.
  2. If you want to change the default action for all new security policies, from the Default Policy Action list in the upper-right corner, select permit-all or deny-all and click OK.
  3. Select one of the following policy configuration options:
  4. Select the Policy tab to specify the basic configuration requirements for the policy, including the name, from-zone, to-zone, source address, destination address, policy applications, and policy action. See Table 139 for more information.
  5. Select the Logging/Count tab to specify logging requirements for the policy. See Table 140 for more information.
  6. Select the Scheduling tab to select a scheduler whose schedule determines when the policy is active. (You must create the scheduler that you want to include in the policy before creating the policy.)
  7. Select the Permit Action tab to specify the VPN, NAT, and authentication settings for the policy. See Table 141 for more information. (This tab appears only if you select Permit as the policy action in the Policy tab.)
  8. Select the Application Services tab to specify the IDP, UTM, and WX settings for the policy. See Table 142 for more information. (This tab appears only if you select Permit as the policy action in the Policy tab.)
  9. Select one of the following options:

Table 139: Policy Configuration Options

Field

Description

Policy Name

Specify a name for the security policy.

From Zone

Specify the source zone for the policy. (You must create the zones that you want to include in the policy before creating the policy.)

To Zone

Specify the destination zone for the policy. (You must create the zones that you want to include in the policy before creating the policy.)

Source Address

Specify the name of the source address or address set for the policy (as entered in the source zone’s address book) and move it to the Matched list using the arrows.

If you want to add a new address to the list, select Add New Source Address. In the fields that appear, specify the new address and click Add.

Note: Address names cannot begin with the following reserved prefixes. These prefixes are used only for address NAT configuration:

  • static_nat_
  • incoming_nat_
  • junos_

Destination Address

Specify the name of the destination address or address set for the policy (as entered in the destination zone’s address book) and move it to the Matched list using the arrows.

If you want to add a new address to the list, select Add New Destination Address. In the fields that appear, specify the new address and click Add.

Note: Address names cannot begin with the following reserved prefixes. These prefixes are used only for address NAT configuration:

  • static_nat_
  • incoming_nat_
  • junos_

Applications

Specify the name of an application or application set to which the policy applies and move it to the Matched list using the arrows. If you do not want to specify an application, select any as the default application.

Policy Action

Specify the action to take on traffic that matches the policy:

  • Permit—Allows the packet to pass through the firewall.
  • Reject—Blocks the packet from traversing the firewall. The firewall drops the packet and notifies the source host: it sends a TCP reset (RST) segment for TCP traffic and an ICMP destination unreachable, port unreachable message (type 3, code 3) for UDP traffic.

    For traffic other than TCP and UDP, the firewall drops the packet without notifying the source host, which is the same behavior as the Deny action.

  • Deny—Blocks and drops the packet from traversing the firewall, and does not send any notification back to the source.
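The procedure above and the Policy tab fields in Table 139, expressed as the equivalent Junos CLI configuration. This is an added example, not text or configuration from the original page or from Juniper's documentation. The zone names (trust, untrust), the address, address-set, scheduler and policy names, and the IP prefixes are assumptions chosen for illustration; lines beginning with ## are annotations, not configuration.

```junos
## Step 2: action for traffic that matches no policy. deny-all is the safe default;
## permit-all turns every unmatched flow into an allow.
set security policies default-policy deny-all

## Prerequisite (Table 139): zones and their address books must exist before the policy.
## Address names must not start with static_nat_, incoming_nat_ or junos_ (reserved for NAT).
set security zones security-zone trust address-book address lan-clients 10.1.0.0/16
set security zones security-zone untrust address-book address web-server 203.0.113.10/32
set security zones security-zone untrust address-book address-set dmz-web address web-server

## Step 6 prerequisite: the scheduler is created before the policy that references it.
set schedulers scheduler business-hours daily start-time 08:00:00 stop-time 18:00:00

## Policy tab: name, from-zone, to-zone, source/destination address, applications, action.
set security policies from-zone trust to-zone untrust policy allow-web match source-address lan-clients
set security policies from-zone trust to-zone untrust policy allow-web match destination-address dmz-web
set security policies from-zone trust to-zone untrust policy allow-web match application junos-http
set security policies from-zone trust to-zone untrust policy allow-web match application junos-https
set security policies from-zone trust to-zone untrust policy allow-web then permit
set security policies from-zone trust to-zone untrust policy allow-web scheduler-name business-hours

## Reject: drop and tell the source (TCP RST, or ICMP type 3 code 3 for UDP), so internal
## clients fail fast instead of waiting for a timeout.
set security policies from-zone trust to-zone untrust policy reject-telnet match source-address lan-clients
set security policies from-zone trust to-zone untrust policy reject-telnet match destination-address any
set security policies from-zone trust to-zone untrust policy reject-telnet match application junos-telnet
set security policies from-zone trust to-zone untrust policy reject-telnet then reject

## Deny: silent drop. Listed last, because policies within a zone pair are evaluated in order
## and the first match wins; an explicit catch-all also gives you a place to hang logging.
set security policies from-zone trust to-zone untrust policy deny-rest match source-address any
set security policies from-zone trust to-zone untrust policy deny-rest match destination-address any
set security policies from-zone trust to-zone untrust policy deny-rest match application any
set security policies from-zone trust to-zone untrust policy deny-rest then deny
```

After committing, `show security policies from-zone trust to-zone untrust` lists the policies in evaluation order, which is the first thing to check when a permit policy is placed below a broader deny.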

Table 140: Logging/Count Configuration Options

Field

Description

Enable Count

Enable Count

Select this option to enable counting.

If counting is enabled, the device collects counters for the number of packets, bytes, and sessions that match the policy. For the byte counts, you can also specify per-second and per-minute thresholds; an alarm is generated whenever the traffic exceeds a threshold.

Note: The alarm threshold fields are disabled if Enable Count is not selected.

Per Minute Alarm Threshold

Specify the per-minute alarm threshold in kilobytes.

Enter any value from 0 through 4294967295 kilobytes.

Per Second Alarm Threshold

Specify the per-second alarm threshold in bytes.

Enter any value from 0 through 4294967295 bytes.

Log Options

Log at Session Close Time

Select this option to log an event when the session closes.

Log at Session Init Time

Select this option to log an event when the session is created.
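The Logging/Count tab (Table 140) as Junos CLI configuration, applied to a policy named allow-web in the trust-to-untrust zone pair. This is an added example, not from the original page or from Juniper's documentation; the policy and zone names, the threshold values and the collector address are assumptions, and lines beginning with ## are annotations. The security log stanza is not part of Table 140 but is included because session logs go nowhere without it.

```junos
## Enable Count: packet, byte and session counters for this policy.
set security policies from-zone trust to-zone untrust policy allow-web then count

## Alarm thresholds: the per-second threshold is in bytes, the per-minute threshold
## in kilobytes (both 0 through 4294967295). Values here are arbitrary examples.
set security policies from-zone trust to-zone untrust policy allow-web then count alarm-threshold byte-threshold 10000000
set security policies from-zone trust to-zone untrust policy allow-web then count alarm-threshold kilobyte-threshold 600000

## Log Options: session-init gives you a record even if the session never closes cleanly;
## session-close carries the byte counts and reason, which is what an analyst usually wants.
set security policies from-zone trust to-zone untrust policy allow-web then log session-init
set security policies from-zone trust to-zone untrust policy allow-web then log session-close

## Where the logs go: stream mode sends RT_FLOW session events from the data plane straight
## to a syslog collector in structured-data format (collector address is assumed).
set security log mode stream
set security log format sd-syslog
set security log source-address 10.1.0.1
set security log stream siem host 10.1.0.50
```

Once the policy is committed, `show security policies policy-name allow-web detail` shows the policy statistics that Enable Count turns on; if the counters stay at zero while traffic is expected, the policy is not the one being matched.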

Table 141: Permit Action Configuration Options

Field

Description
Tunnel — IPSec VPN

VPN

Specify the name of the IPsec-VPN tunnel.

Pair Policy

Pair Policy Name

Specify the name of the policy that references the same IPsec VPN in the reverse direction (from the to-zone back to the from-zone). The two policies form a pair policy.

NAT Translation

Options

Select one of the following options:

  • None
  • Drop packets with translated address
  • Drop packets without translated address
Firewall Authentication

Use these options to authenticate the client before forwarding the traffic. The two types of firewall authentication are:

  • Pass-through authentication
  • Web authentication
Pass-through

Pass-through authentication verifies the client's credentials when its traffic first attempts to pass through the firewall.

Access Profile

Select the access profile for the pass-through from the drop-down list.

Client name

Specify the client (user) name that must authenticate for the pass-through policy to permit traffic.

Web Redirect

Select the Web Redirect option if you want to redirect the pass-through traffic for Web authentication.

Web authentication

Use Web authentication to have the client authenticate through a Web browser before the policy permits its traffic.

Client name

Specify the client name for the Web authentication.

Table 142: Application Services Configuration Options

Field

Description

IDP

Enable IDP

Select this option to enable IDP for the policy.

UTM Policy

UTM Policy

Select the required UTM policy from the drop-down list.

Redirect

Options

Select one of the following options:

  • None
  • Redirect-wx
  • Reverse Redirect-wx
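The Permit Action tab (Table 141) and the Application Services tab (Table 142) as Junos CLI configuration. This is an added example, not from the original page or from Juniper's documentation. It assumes the trust and untrust zones and the lan-clients and branch-lan address-book entries already exist, that an IPsec VPN named vpn-to-branch is defined under security ipsec, that a UTM policy named block-malware is defined under security utm, and that the access profile, user name and policy names are illustrative; lines beginning with ## are annotations.

```junos
## Tunnel: both directions reference the same IPsec VPN, and each names the other as its
## pair policy so the device ties return traffic to the same tunnel.
set security policies from-zone trust to-zone untrust policy to-branch match source-address lan-clients
set security policies from-zone trust to-zone untrust policy to-branch match destination-address branch-lan
set security policies from-zone trust to-zone untrust policy to-branch match application any
set security policies from-zone trust to-zone untrust policy to-branch then permit tunnel ipsec-vpn vpn-to-branch
set security policies from-zone trust to-zone untrust policy to-branch then permit tunnel pair-policy from-branch

set security policies from-zone untrust to-zone trust policy from-branch match source-address branch-lan
set security policies from-zone untrust to-zone trust policy from-branch match destination-address lan-clients
set security policies from-zone untrust to-zone trust policy from-branch match application any
set security policies from-zone untrust to-zone trust policy from-branch then permit tunnel ipsec-vpn vpn-to-branch
set security policies from-zone untrust to-zone trust policy from-branch then permit tunnel pair-policy to-branch

## NAT Translation option "Drop packets without translated address": only permit traffic whose
## destination was actually rewritten by destination NAT, so an unmatched NAT rule fails closed.
set security policies from-zone untrust to-zone trust policy inbound-web match source-address any
set security policies from-zone untrust to-zone trust policy inbound-web match destination-address lan-clients
set security policies from-zone untrust to-zone trust policy inbound-web match application junos-https
set security policies from-zone untrust to-zone trust policy inbound-web then permit destination-address drop-untranslated

## Firewall Authentication, pass-through: the access profile holds the user database; the
## password here is a placeholder. Client name restricts the policy to that authenticated user,
## and web-redirect sends HTTP clients to a login page instead of an in-band prompt.
set access profile fw-users client alice firewall-user password "example-only"
set access firewall-authentication pass-through default-profile fw-users
set security policies from-zone trust to-zone untrust policy auth-web match source-address lan-clients
set security policies from-zone trust to-zone untrust policy auth-web match destination-address any
set security policies from-zone trust to-zone untrust policy auth-web match application junos-http
set security policies from-zone trust to-zone untrust policy auth-web then permit firewall-authentication pass-through access-profile fw-users
set security policies from-zone trust to-zone untrust policy auth-web then permit firewall-authentication pass-through client-match alice
set security policies from-zone trust to-zone untrust policy auth-web then permit firewall-authentication pass-through web-redirect

## Firewall Authentication, Web authentication: the client logs in at the interface address
## (which must have web-authentication enabled) before this policy permits its traffic.
set interfaces ge-0/0/0 unit 0 family inet address 10.1.0.1/24 web-authentication http
set security policies from-zone trust to-zone untrust policy auth-web then permit firewall-authentication web-authentication client-match alice

## Application Services (Table 142): IDP and a UTM policy on the permitted traffic.
set security policies from-zone trust to-zone untrust policy auth-web then permit application-services idp
set security policies from-zone trust to-zone untrust policy auth-web then permit application-services utm-policy block-malware
```

Enabling IDP on a policy only selects the traffic for inspection; the device still needs an active IDP policy under security idp, otherwise the flag has no effect.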
