Overview
By default, the TOE denies all traffic through an SRX Series Firewall. In fact, an implicit default security policy exists that denies all packets. You can change this behavior by configuring a standard security policy that permits certain types of traffic. The implicit default policy can be changed to permit all traffic with the set security policies default-policy command; however, this is not recommended.
The security policy rule set is an ordered list of security policy entries enforced by the firewall rules, each of which contains the specification of a network flow and an action:
Source IP address and network mask
Destination IP address and network mask
Protocol
Source port
Destination port
Action: permit, deny, drop silently, log
Each packet is compared against entries in the security policy rule set in sequential order until one is found that matches the specification in the policy, or until the end of the rule set is reached, in which case the implicit default policy is implemented and the packet is discarded.
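The first-match evaluation described above, as an added Python model (not Junos code or configuration from this guide). Rule names, addresses and packets are constructed, only the permit and deny actions are modelled, and the default_action parameter stands in for the implicit default policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    src: str                  # source address and mask, CIDR form
    dst: str                  # destination address and mask, CIDR form
    protocol: Optional[str]   # None = any protocol
    src_port: Optional[int]   # None = any port
    dst_port: Optional[int]   # None = any port
    action: str               # "permit" or "deny"

    def matches(self, pkt: dict) -> bool:
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.protocol in (None, pkt["protocol"])
                and self.src_port in (None, pkt["src_port"])
                and self.dst_port in (None, pkt["dst_port"]))

def evaluate(rules, pkt, default_action="deny"):
    """First match wins; otherwise fall through to the implicit default policy."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name, rule.action
    return "implicit-default", default_action

# Constructed rule set (documentation address ranges, hypothetical rule names).
RULES = [
    Rule("permit-web", "192.0.2.0/24", "198.51.100.10/32", "tcp", None, 443, "permit"),
    Rule("deny-subnet", "192.0.2.0/24", "0.0.0.0/0", None, None, None, "deny"),
    # Never reached in this order: deny-subnet above matches the same packets first.
    Rule("permit-dns", "192.0.2.0/24", "198.51.100.53/32", "udp", None, 53, "permit"),
]
# Same entries with permit-dns moved ahead of the broad deny.
REORDERED = [RULES[0], RULES[2], RULES[1]]

def make_packet(src, dst, protocol, src_port, dst_port):
    return dict(src=src, dst=dst, protocol=protocol, src_port=src_port, dst_port=dst_port)

WEB = make_packet("192.0.2.7", "198.51.100.10", "tcp", 51000, 443)
DNS = make_packet("192.0.2.7", "198.51.100.53", "udp", 51001, 53)
OUTSIDE = make_packet("203.0.113.5", "198.51.100.10", "tcp", 40000, 443)

if __name__ == "__main__":
    for label, p in (("web", WEB), ("dns", DNS), ("outside", OUTSIDE)):
        print(label, evaluate(RULES, p), evaluate(REORDERED, p))
```

The DNS packet is denied under RULES and permitted under REORDERED, which is why the position of a broad entry in the rule set needs review whenever a narrower entry is added.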