[Report an Error]

Monitoring Policies

Use the monitoring policies feature to view summary information such as names of the source and destination addresses of the policy, name of a preconfigured or custom application defined for the policy, or actions to be taken for packets matching the policies.

To access policies using the CLI, enter the following CLI commands:

To access policies using J-Web:

  1. Select Monitor>Security>Policy>Activities in the J-Web interface. The page layout is as follows:
  2. Click one of the following in the list pane:

Table 20 summarizes key output fields in the security policies information display.

Table 20: Summary of Key Security Policies List Pane

Field

Values

Additional Information

Combo Options

From Zone

Name of the source zone.

  

To Zone

Name of the destination zone.

  

Filter

Filters the policy according to the selected From and To zones and displays only the related policies.

 

Total Policies

Number of policies listed in the policy list pane including the default policy.

 

Default policy

Actions the device takes for a packet that does not match any user-defined policy:

  • permit-all—Permit all traffic that does not match a policy.
  • deny-all—Displays the configured default-policy.
 

Policy List Pane

From Zone

Name of the source zone.

  

To Zone

Name of the destination zone.

  

Name

Name of the policy.

  

Source Address

Names of the source addresses for a policy. Address sets are resolved to their individual names. (In this case, only the names are given, not their IP address).

 

Destination Address

Name of the destination address (or address set) as it was entered in the destination zone’s address book. A packet’s destination address must match this value for the policy to apply to it.

 

Applications

Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time.

 

Action

Permitting application services under a policy results in permitting the following possibilities:

  • gprs-gtp-profile— Specify GPRS Tunneling Protocol profile name
  • idp— Performs Intrusion detection and prevention
  • redirect-wx— Sets WX redirection
  • reverse-redirect-wx— Sets WX reverse redirection
  • uac-policy — Enables unified access control enforcement of policy
 

Count

Enables a counter and records the number of packets hitting the particular policy, such as the input and output packets and bytes.

 

Log

Indicates the log options for log session. The options are:

  • Session initialization
  • Session close
  • Both
 
[Report an Error]

Copyright © 2010, Juniper Networks, Inc. All rights reserved. Trademark Notice.