Security Policies Overview

Security policies enforce rules that control traffic through a device, permitting or blocking it as the rules dictate. A single rule can combine network transport (Layer 4) and application (Layer 7) criteria. Rules in security policies typically match on source and destination zones, IP addresses, user identities, URL categories, services, and applications.

You can create, edit, and remove security policies that are linked to devices. To access this page, select Security > Security Policies.

Note:

On CPE devices or next-generation firewalls running Junos OS Release 18.2R1 or later, a security policy functions as a unified security policy. Dynamic applications can be used as match criteria alongside the other conditions, so a separate application firewall configuration is not needed to control application traffic.

Security Policy Benefits

  • Permits, rejects, denies, redirects, or tunnels the traffic based on the application.
  • Recognizes not just HTTP traffic but also any applications operating over it, which helps in enforcing policies effectively. For instance, a security rule for applications might block HTTP traffic originating from Facebook while permitting HTTP web access to Microsoft Outlook.
  • Provides advanced security protection by specifying the following:
    • Intrusion prevention system (IPS) profile
    • Content security profile
    • SSL proxy profile
  • Categorizes rules as zone-based rules and global rules.

    • Zone-based rules are rules with zones as source and destination endpoints.

    • Global rules give the flexibility to perform an action on the traffic without any zonal restrictions.

      Table 1: Parameters for Zone-based and Global rules
      Sources: Zone, Addresses, Identity
      Destinations: Zone, Addresses, URL Categories
      Applications/Services: Applications, Services
      Action: Permit, Deny, Reject, Redirect, Tunnel
      Advanced Security Options: IPS Profile, Content Security Profile, SSL Proxy Profile
      Supported Options: Schedules, Logging, Rule Options

Security Policies and Rule Placement

Security policies and rules are applied in the sequence they are displayed on the Security Policies page.

For example, suppose two policies are assigned: P1 (sequence 1) with Rule-a and Rule-b, and P2 (sequence 2) with Rule-a and Rule-b. After deployment, the rules are evaluated in this order:

  1. P1 Rule-a

  2. P1 Rule-b

  3. P2 Rule-a

  4. P2 Rule-b

New policies and rules are added at the end of the list. The default policy appears last and denies all traffic. Because traffic is matched against the rules in this order, an earlier rule can mask a later one so that the later rule never matches. To change the order of policies and rules, use the Reorder functions.
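As an added example (not from the Security Director documentation or product code), the following Python model shows the first-match evaluation described above: it flattens P1 and P2 into the deployed order, appends the default deny, and reports any rule that is masked by an earlier rule. Zone and application names are constructed sample values.

```python
from dataclasses import dataclass

ANY = frozenset({"any"})  # wildcard value for a match field


@dataclass
class Rule:
    name: str
    src_zones: set  # source zones
    dst_zones: set  # destination zones
    apps: set       # applications/services
    action: str     # permit, deny, reject, redirect or tunnel

    def _fields(self):
        return (self.src_zones, self.dst_zones, self.apps)

    def matches(self, src: str, dst: str, app: str) -> bool:
        return all(f == ANY or v in f for f, v in zip(self._fields(), (src, dst, app)))

    def covers(self, other: "Rule") -> bool:
        # True when every flow 'other' could match is already caught by self.
        return all(f == ANY or o <= f for f, o in zip(self._fields(), other._fields()))

DEFAULT_DENY = Rule("default-deny", ANY, ANY, ANY, "deny")

def deployed_order(policies: list) -> list:
    """Flatten (policy name, rules) pairs in sequence order; the default deny comes last."""
    return [(p, r) for p, rules in policies for r in rules] + [("default", DEFAULT_DENY)]

def evaluate(order: list, src: str, dst: str, app: str) -> tuple:
    """First-match lookup: returns (qualified rule name, action)."""
    for pname, r in order:
        if r.matches(src, dst, app):
            return f"{pname} {r.name}", r.action
    raise AssertionError("the default deny always matches")

def shadowed(order: list) -> list:
    """(rule, earlier rule) pairs where the rule can never be reached."""
    hits = []
    for i, (pname, r) in enumerate(order):
        for ppname, earlier in order[:i]:
            if earlier.covers(r):
                hits.append((f"{pname} {r.name}", f"{ppname} {earlier.name}"))
                break
    return hits

P1 = [Rule("Rule-a", {"trust"}, {"untrust"}, {"web", "https"}, "permit"),  # constructed sample data
      Rule("Rule-b", {"trust"}, {"untrust"}, {"ssh"}, "deny")]
P2 = [Rule("Rule-a", {"trust"}, {"untrust"}, {"web"}, "deny"),  # never reached: masked by P1 Rule-a
      Rule("Rule-b", ANY, {"untrust"}, {"dns"}, "permit")]
ORDER = deployed_order([("P1", P1), ("P2", P2)])
```

Running `shadowed(ORDER)` flags P2 Rule-a, which is the kind of masked rule the Reorder functions exist to fix.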

Security Policies Field Descriptions

Table 2: Fields on the Security Policies Page

Seq.: The order number of the policy.

Name: The name of the security policy.

Rules: The number of rules associated with the policy. If no rule is associated with the policy, Add Rule is displayed. See Add and Manage Security Policy Rules.

Devices: The number of devices associated with the policy.

Status: The deployment status of the security policy. One of:
  • Deploy Successful
  • Deploy Pending
  • Deploy Failed
  • Deploy scheduled
  • Deploy in progress
  • Redeploy required

Modified By: The user who modified the policy.

Last Modified: The date and time when the policy was modified.

Description: The description of the security policy.