
Overview

By default, the TOE (Target of Evaluation) denies all traffic through an SRX Series Firewall: an implicit default security policy exists that denies all packets. You can change this behavior by configuring a standard security policy that permits certain types of traffic. The implicit default policy can be changed to permit all traffic with the set security policies default-policy command; however, this is not recommended.

The security policy rule set is an ordered list of security policy entries enforced by the firewall rules, each of which contains the specification of a network flow and an action:

  • Source IP address and network mask

  • Destination IP address and network mask

  • Protocol

  • Source port

  • Destination port

  • Action: permit, deny, drop silently, log

Each packet is compared against entries in the security policy rule set in sequential order until one is found that matches the specification in the policy, or until the end of the rule set is reached, in which case the implicit default policy is implemented and the packet is discarded.
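
The first-match evaluation described above, modeled in Python as an added example (not Junos syntax and not taken from the Juniper documentation). Rule names, field names, and the sample addresses are constructed assumptions. The example goes slightly beyond the text by also flagging entries that can never match because an earlier entry fully covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    proto: Optional[str]     # None matches any protocol
    sport: Optional[int]     # None matches any source port
    dport: Optional[int]     # None matches any destination port
    action: str              # "permit" or "deny"

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in (None, pkt["proto"])
                and self.sport in (None, pkt["sport"])
                and self.dport in (None, pkt["dport"]))

# Applied when the end of the rule set is reached without a match.
IMPLICIT_DEFAULT = ("deny", "implicit-default")

def evaluate(rules, pkt):
    """Return (action, rule name) of the first matching entry, else the implicit default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return IMPLICIT_DEFAULT

def shadowed(rules):
    """Names of entries that can never match because an earlier entry covers them."""
    def covers(a, b):
        return (ipaddress.ip_network(b.src).subnet_of(ipaddress.ip_network(a.src))
                and ipaddress.ip_network(b.dst).subnet_of(ipaddress.ip_network(a.dst))
                and a.proto in (None, b.proto)
                and a.sport in (None, b.sport)
                and a.dport in (None, b.dport))
    return [b.name for i, b in enumerate(rules) if any(covers(a, b) for a in rules[:i])]

# Constructed sample rule set (documentation address ranges, hypothetical rule names).
RULES = [
    Rule("block-telnet", "0.0.0.0/0", "198.51.100.0/24", "tcp", None, 23, "deny"),
    Rule("allow-lan", "192.0.2.0/24", "198.51.100.0/24", "tcp", None, None, "permit"),
    Rule("block-ssh", "192.0.2.0/24", "198.51.100.10/32", "tcp", None, 22, "deny"),
]
```

Because evaluation stops at the first match, the broad allow-lan entry permits SSH to 198.51.100.10 even though a later entry denies it; specific deny entries must be placed before broader permit entries.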