Reorder a Security Policy Rule
The security policy applies the security rules to the transit traffic within a context (from-zone to to-zone). The action of the first rule that matches the traffic is applied to the packet. If there is no matching rules, the packet is dropped. The rules are matched from top to bottom, so it is a good idea to place more specific rules near the top of the list.
For example, a security policy P1 is configured from untrust zone to trust zone with two rules rule Rule-a and Rule-b respectively. If you select Rule-a and move it to the bottom, Juniper Security Director Cloud generates a command to push the Rule-b to first place in the device.
Steps to move security policy rule order: