pre-id-default-policy

Syntax

Hierarchy Level

Description

Configures default policy actions that occur prior to dynamic application identification (AppID). During the initial policy lookup phase, which occurs before a dynamic application is identified, if the potential policy list contains multiple policies, the SRX Series device applies the default security policy until a more explicit match occurs.

CAUTION:

Configuring session-init logging for the pre-id-default-policy can generate a large number of logs. Each session entering the SRX that initially matches the pre-id-default-policy generates an event. We recommend using this option only for troubleshooting purposes.

Options

then

Specifies the policy action to take when a packet matches the criteria.

log

Specifies the log details at session close time and session initialization time.

  • Values:

    • session-init—Log at the beginning of a session

    • session-close—Log at the closure of a session

    Note:

    In recent versions of Junos OS, the factory-default configuration of an SRX includes the session-close knob. If it is not already present, we recommend that customers implement session-close logging within their pre-id-default-policy. This ensures that the SRX generates security logs if a flow is unable to leave the pre-id-default-policy. These events are generally a result of JDPI being unable to properly classify traffic, although they may also indicate potential attempts at evading the AppID engine.

session-timeout

Specifies the session timeout, in seconds, that is configured when a session is updated.

  • Values:

    • icmp—Timeout value for ICMP sessions (seconds)

    • icmp6—Timeout value for ICMP6 sessions (seconds)

    • ospf—Timeout value for OSPF sessions (seconds)

    • others—Timeout value for other sessions (seconds)

    • tcp—Timeout value for TCP sessions (seconds)

    • udp—Timeout value for UDP sessions (seconds)

  • Range: 4 through 86,400 for each value
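
The following audit script is an added example, not part of the original Juniper documentation. It checks a set-format configuration export against the guidance above: session-close logging present, session-init logging flagged, and every session-timeout value within 4 through 86,400. It assumes the statement sits under `set security policies` (the Hierarchy Level section on this page is empty); the function name `audit_pre_id_policy` and the sample configuration are constructed for illustration.

```python
# Range stated on this page for every session-timeout value (seconds).
TIMEOUT_MIN, TIMEOUT_MAX = 4, 86400
PROTOCOLS = {"icmp", "icmp6", "ospf", "others", "tcp", "udp"}
# Assumption: the statement lives under [edit security policies].
PREFIX = "set security policies pre-id-default-policy then "


def audit_pre_id_policy(config_text):
    """Return a sorted list of findings for a set-format Junos configuration."""
    log_opts, findings = set(), []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise whitespace
        if not line.startswith(PREFIX):
            continue  # unrelated statement
        rest = line[len(PREFIX):].split()
        if rest[:1] == ["log"] and len(rest) == 2:
            log_opts.add(rest[1])
        elif rest[:1] == ["session-timeout"] and len(rest) == 3:
            proto, value = rest[1], rest[2]
            if proto not in PROTOCOLS:
                findings.append(f"unknown session-timeout protocol: {proto}")
            elif not value.isdigit() or not TIMEOUT_MIN <= int(value) <= TIMEOUT_MAX:
                findings.append(f"{proto} timeout {value} outside {TIMEOUT_MIN}-{TIMEOUT_MAX}")
    # Without session-close, a flow that never leaves the pre-ID policy is not logged.
    if "session-close" not in log_opts:
        findings.append("session-close logging missing: flows stuck in pre-ID generate no log")
    # session-init logs every session that first matches the policy.
    if "session-init" in log_opts:
        findings.append("session-init logging enabled: high log volume, troubleshooting only")
    return sorted(findings)


# Constructed sample configuration (not from a real device).
SAMPLE = """\
set security policies pre-id-default-policy then log session-init
set security policies pre-id-default-policy then session-timeout tcp 1800
set security policies pre-id-default-policy then session-timeout udp 2
set security policies from-zone trust to-zone untrust policy p1 then permit
"""

if __name__ == "__main__":
    for finding in audit_pre_id_policy(SAMPLE):
        print(finding)
```
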

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 18.2R1.