policy-rematch

Syntax

Hierarchy Level

Description

Enable the device to reevaluate an active session when its associated security policy is modified. The session remains open if it still matches the policy that allowed the session initially.

The session is closed if its associated policy is renamed, deactivated, or deleted. However, you can use the extensive option to reevaluate an active session when its associated security policy is renamed, deactivated, or deleted.

The policy rematch feature is disabled by default.

Options

extensive

When a policy is modified or deleted, the extensive option checks whether any suitable policy still permits the affected sessions, so that they can be kept alive. The check is a completely new policy lookup for the session to see whether any policy can still permit it.

Note:

The extensive option does not apply to ALG data sessions or to policies that specify a source-identity, application-services, destination-address (drop-untranslated or drop-translated), firewall-authentication, or a tunnel.
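The following Python model is an added illustration of the decision described above; it is not Juniper code and does not reproduce the Junos implementation. All names (`Policy`, `Session`, `rematch`, the `exempt` flag) are hypothetical, policies are simplified to one ordered list without zones, and `exempt` stands in for the cases the Note excludes from the extensive option.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    name: str
    src: str              # exact address or "any" (simplified match criteria)
    dst: str
    app: str
    action: str = "permit"
    active: bool = True   # False models a deactivated policy

@dataclass
class Session:
    src: str
    dst: str
    app: str
    policy: str           # name of the policy that permitted the session
    exempt: bool = False  # assumption: ALG data session or a policy type the Note excludes

def matches(p, s):
    fields = ((p.src, s.src), (p.dst, s.dst), (p.app, s.app))
    return p.active and all(want in ("any", have) for want, have in fields)

def lookup(policies, s):
    """First-match lookup over an ordered policy list (zones omitted)."""
    return next((p for p in policies if matches(p, s)), None)

def rematch(s, policies, extensive=False):
    """Decide 'keep' or 'close' for an active session after a policy commit."""
    orig = next((p for p in policies if p.name == s.policy), None)
    # Still matched by the policy that allowed it initially: stays open.
    if orig and matches(orig, s) and orig.action == "permit":
        return "keep"
    # Policy renamed, deactivated, deleted, or no longer matching.
    if extensive and not s.exempt:
        hit = lookup(policies, s)  # completely new policy lookup
        if hit and hit.action == "permit":
            return "keep"
    return "close"

# Constructed sample data (documentation address ranges).
web = Session("192.0.2.5", "203.0.113.10", "http", policy="allow-web")
renamed = [Policy("allow-web-v2", "192.0.2.5", "any", "http")]
narrowed = [Policy("allow-web", "192.0.2.9", "any", "http"),
            Policy("allow-lan", "any", "any", "http")]
denied = [Policy("block-all", "any", "any", "any", action="deny")]

if __name__ == "__main__":
    for label, pols in (("renamed", renamed), ("narrowed", narrowed), ("deleted", denied)):
        print(label, rematch(web, pols), rematch(web, pols, extensive=True))
```

The renamed and narrowed cases show the practical difference: without extensive the session is closed, while with extensive it survives only if some remaining policy still permits it.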

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5. Support for the extensive option added in Junos OS Release 15.1X49-D20.