[Prev][Next][Report an Error]

Configuring Policies—Quick Configuration

You can use J-Web Quick Configuration to quickly configure security policies.

To configure security policies in the J-Web user interface:

Select Security>Policy>FW Policies.
If you want to change the default action for all new security policies, from the Default Policy Action list in the upper-right corner, select permit-all or deny-all and click OK.
Select one of the following policy configuration options:
- Add—Click Add to create a new security policy. The Add Policy dialog box appears.
- Edit—Select an existing policy and click Edit to change the selected policy’s configuration. The Edit Policy dialog box appears.
- Delete—Select an existing policy and click Delete to delete the selected policy. (You can skip the remaining steps in this section if you select this option.)
- Clone—Select an existing policy and click Clone to create a copy of the selected policy under a different name. The Clone policy dialog box appears.
- Deactivate/Activate—Select an existing policy and click Deactivate/Activate to disable or enable processing based on the selected policy. (You can skip the remaining steps in this section if you select this option.)
- Move—Select an existing policy and click Move to move the policy up or down in the list. For information about how policy order affects how policies are applied and processed, see . (You can skip the remaining steps in this section if you select this option.)
Select the Policy tab to specify the basic configuration requirements for the policy, including the name, from-zone, to-zone, source address, destination address, policy applications, and policy action. See Table 139 for more information.
Select the Logging/Count tab to specify logging requirements for the policy. See Table 140 for more information.
Select the Scheduling tab to select a scheduler whose schedule determines when the policy is active. (You must create the scheduler that you want to include in the policy before creating the policy.)
Select the Permit Action tab to specify the VPN, NAT, and authentication settings for the policy. See Table 141 for more information. (This tab appears only if you select Permit as the policy action in the Policy tab.)
Select the Application Services tab to specify the IDP, UTM, and WX settings for the policy. See Table 142 for more information. (This tab appears only if you select Permit as the policy action in the Policy tab.)
Select one of the following options:
- OK–To apply the configuration and return to the main Configuration page, click OK.
- Cancel–To cancel your entries and return to the main page, click Cancel.

Table 139: Policy Configuration Options

Field	Description
Policy Name	Specify a name for the security policy.
From Zone	Specify the source zone for the policy. (You must create the zones that you want to include in the policy before creating the policy.)
To Zone	Specify the destination zone for the policy. (You must create the zones that you want to include in the policy before creating the policy.)
Source Address	Specify the name of the source address or address set for the policy (as entered in the source zone’s address book) and move it to the Matched list using the arrows. If you want to add a new address to the list, select Add New Source Address. In the fields that appear, specify the new address and click Add. Note: Address names cannot begin with the following reserved prefixes. These prefixes are used only for address NAT configuration: static_nat_ incoming_nat_ junos_
Destination Address	Specify the name of the destination address or address set for the policy (as entered in the source zone’s address book) and move it to the Matched list using the arrows. If you want to add a new address to the list, select Add New Destination Address. In the fields that appear, specify the new address and click Add. Note: Address names cannot begin with the following reserved prefixes. These prefixes are used only for address NAT configuration: static_nat_ incoming_nat_ junos_
Applications	Specify the name of an application or application set to which the policy applies and move it to the Matched list using the arrows. If you do not want to specify an application, select any as the default application.
Policy Action	Specify the actions that need to take place on the traffic as it passes through the firewall: Permit—Allows the packet to pass through the firewall. Reject—Blocks the packet from traversing the firewall. The firewall drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP destination unreachable, port unreachable message (type 3, code 3) for UDP traffic. For TCP and UDP traffic, the firewall drops the packet and notifies the source host as action Deny. Deny—Blocks and drops the packet from traversing the firewall, but does not send notification back to the source.

Table 140: Logging/Count Configuration Options

Field	Description
Enable Count
Enable Count	Select this option to enable counting. If counting is enabled, counters are collected for the number of packets, bytes, and sessions that enter the firewall for a given policy. For counts (only for packets and bytes), you can specify that alarms be generated whenever the traffic exceeds specified thresholds. Note: The alarm threshold fields are disabled if Enable Count is not selected.
Per Minute Alarm Threshold	Specify threshold bytes for the per-minute alarm threshold. Enter any value from 0 through 4294967295 kilobytes.
Per Second Alarm Threshold	Specify threshold bytes for the per-second alarm threshold. Enter any value from 0 through 4294967295 kilobytes.
Log Options
Log at Session Close Time	Select this option if you want to log the events when the session closed.
Log at Session Init Time	Select this option if you want to log the events when the session is created.

Table 141: Permit Action Configuration Options

Field	Description
Tunnel — IPSec VPN
VPN	Specify the name of the IPsec-VPN tunnel.
Pair Policy
Pair Policy Name	Specify the name of the policy with the same IPsec-VPN in the reverse direction to create a pair policy.
NAT Translation
Options	Select one of the following options: None Drop packets with translated address Drop packets without translated address
Firewall Authentication	Use these options to authenticate the client before forwarding the traffic. The two types of firewall authentication are: Pass-through authentication Web authentication
Pass-through	Use pass-through authentication verifies traffic as it attempts to pass through the firewall.
Access Profile	Select the access profile for the pass-through from the drop-down list.
Client name	Specify the client name for the pass-through.
Web Redirect	Select the Web Redirect option if you want to redirect the pass-through traffic for Web authentication.
Web authentication	Use Web authentication to verify client authentication.
Client name	Specify the client name for the Web authentication.

Table 142: Application Services Configuration Options

Field	Description
IDP
Enable IDP	Select this option to enable IDP for the policy.
UTM Policy
UTM Policy	Select the required UTM policy from the drop-down list.
Redirect
Options	Select one of the following options: None. Redirect-wx Reverse Redirect-wx

[Prev][Next][Report an Error]