Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Add Security Policies

Create a security policy and assign it to SRX Series Firewalls. A security policy can have both zone-based rules and global rules for the devices.

A security policy enforces rules for transit traffic, in terms of what traffic can pass through the security, and the actions that need to take place on traffic as it passes through the security. While creating security policies:

  • Define standard security policy constructs that reflect your organization's security intent, rather than creating device‑specific or site‑specific policies

  • Adopt naming conventions and standardized security policy structures to simplify ongoing lifecycle management and policy reviews.

Effective security policies are usually:

  • Ordered—Rules are evaluated top‑down; the first match is applied.
  • Least‑privilege based—Only required traffic is allowed; everything else is denied by default.
  • Regularly reviewed—Updated as applications, users, and threats change.
Prerequisites

Before you create a security policy, identify the devices to enforce the policy.

To create a security policy:

  1. Click Security > Security Policies.
    The Security Policies page is displayed.
  2. Click the plus icon (+).
    The Add Security Policy page is displayed.
  3. Complete the configuration according to the following guidelines:
    Table 1: Fields on the Add Security Policy Page
    Field Description

    Name

    Enter a name containing maximum 255 alphanumeric characters.

    The name can include spaces and some special characters.

    Description

    Enter a description containing maximum 255 characters for the security policy.

    Rule placement analysis

    Enable the rule placement analysis for security policy rules.

    • You can enable the rule placement analysis when you create or edit a security policy.

    • Rule placement analysis is available only for new rules in a security policy.

    Rule placement analysis helps you to avoid anomalies by suggesting correct rule placement. When you create a rule, Juniper Security Director Cloud performs rule placement analysis. The Suggested Rule Placement page suggests appropriate rule position with a reason for the rule placement suggestion.

    • Click Accept to accept the suggested rule placement.

    • Click Reject to go back to rules page and modify the rule.

    All devices

    Select the toggle button to apply the security policy to all devices.

    Select Devices

    Select the devices or MNHA pair to assign the security policy. Click the arrow (>) to move the devices to the Selected column.

    The Selected column displays the MNHA pair name and the devices in the pair. You can select only the devices in the pair or the MNHA pair name. If you select both and click >, an error message is displayed.

    Variable zones are supported for both standalone devices and MNHA pairs.

    Sequence No.

    Displays the sequence number of the security policy.

    New policies are added at the end of the list of security policies. You can reorder the sequence of the policy.

    1. Click Reorder to open the Select Policy Sequence page.

    2. Select the policy, and click Move Policy Up or Move Policy Down.

    3. Click OK.

  4. Click OK.

The new security policy is created and a confirmation message is displayed.