Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level


Specify which policy among the configured policies to be configured as the default IDP policy.

When you have multiple IDP policies configured and when policy conflict occurs, then the policy configured as default the IDP policy will be applied for a given session.


default-policy—Name of the default policy.


The default policy must be enforced in the data plane.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.3R1.

An IDP policy is directly assigned in the security policy rule. This is to simplify IDP policy usage. As a part of session interest check, IDP is enabled if an IDP policy is present in any of the matched rules. An IDP policy is activated in security policies by permitting the IDP policy within the application services using the set security policies from-zone zone-name to-zone zone-name policy policy-name then permit application-services idp-policy idp-policy-name command. Because the IDP policy name is directly used in the security policy rule, the [edit security idp active-policy policy-name] statement is deprecated.

When the device is configured with unified policies, you can configure multiple IDP policies to provide the flexibility to have multiple policies active at the same time and to configure one of the IDP policies as the default IDP policy.


If you have configured two or more IDP policies in a unified security policy, then you must configure the default IDP policy.