About the Security Policy Rules Page

To access this page, click SRX > Security Policies > Security Policies, and then click a security policy rule link.

Use the Security Policy Rules page to view and manage the policy rules associated with your devices. You can filter and sort this information to get a better understanding of what you want to configure.

Tasks You Can Perform

You can perform the following tasks from this page:

  • Create a security policy rule. See Add a Security Policy Rule.

  • Modify, clone, or delete security policy rules. See Edit, Clone, and Delete a Security Policy Rule.

  • Deploy a security policy. See Deploy Security Policies.

  • Search for a security policy rule. Click the search icon in the top right corner of the page to search for a security policy rule. You can enter the partial or full text of the keyword in the text box and press Enter. The search results are displayed on the same page.

  • Show or hide columns. Click the Show Hide Columns icon at the top right corner of the page.

Field Descriptions

Table 1 provides guidelines on using the fields on the Security Policy Rule page.

Table 1: Fields on the Security Policy Rules Page
Field Description

Seq

Order number for the policy. Policy lookup is performed in the order that the policies are configured. The first policy that matches the traffic is used.

Hit Count

Displays how often a particular policy is used based on traffic flow. The hit count is the number of hits since the last reset.

Example: The hit count is especially useful when you have a large policy set and want to verify which rules are heavily used and which are rarely used. In particular, if you see that some rules are never hit, you can check whether they are being shadowed by another policy.

This helps you manage the device without having to generate traffic manually.

Name

Name of the security policy rule.

Sources

Source endpoint to which a security policy rule applies. A source endpoint consists of zones, addresses, and identities.

Destinations

Destination endpoint to which a security policy rule applies. A destination endpoint consists of zones, addresses, and URL categories.

Applications/Services

Applications and services associated with the security policy.

Action

The action applies to all traffic that matches the specified criteria.
  • Permit—Device permits traffic using the type of security authentication applied to the policy.
  • Deny—Device silently drops all packets for the session and does not send any active control messages such as TCP resets or ICMP unreachable messages.
  • Reject—Device sends a TCP reset if the protocol is TCP, and sends an ICMP reset if the protocol is UDP, ICMP, or any other IP protocol. This option is useful when dealing with trusted resources, so that applications do not waste time waiting for timeouts and instead receive the active message.
  • Redirect—The redirect URL or a custom message to be shown when HTTP requests are blocked.
  • Tunnel—Device permits traffic using the type of VPN tunneling options you applied to the policy.

Security Subscriptions

Security subscription options:
  • IPS—IPS profile to monitor and prevent intrusions.

  • Content Security—Content security profile for protection against multiple threat types, including spam and malware, and for controlling access to unapproved websites and content.

    Note:

    To select a Juniper NextGen Content Security profile, the Junos OS version must be 23.3R1 or later.

  • Decrypt profile—The decrypt profile performs SSL encryption and decryption between the client and the server to obtain granular application information, enabling you to apply advanced security subscription protection and detect threats.

  • Anti-malware profile—The anti-malware profile lets you define which files to send to the ATP cloud for inspection and the action to be taken when malware is detected.

  • SecIntel profile group—A SecIntel profile group is used to add SecIntel profiles, such as C&C, DNS, and infected hosts.

Options

Displays scheduling, logging, and rule option information applicable to the security policy rule.

Deploy Status

Displays the deployment status.
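As an added example (not part of this page or of the product's own code), the following Python script models the Seq and Hit Count semantics described above: because lookup is first-match in Seq order, a later rule whose sources, destinations, and applications are all covered by an earlier rule can never match and will show a hit count of zero. The rule model, zone names, application names, and sample rule set are constructed for illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Hypothetical rule model built from the page's columns (Seq, Sources,
# Destinations, Applications/Services, Action). "any" matches everything.
ANY = frozenset({"any"})


@dataclass(frozen=True)
class Rule:
    seq: int
    name: str
    sources: FrozenSet[str]
    destinations: FrozenSet[str]
    applications: FrozenSet[str]
    action: str


def covers(outer: FrozenSet[str], inner: FrozenSet[str]) -> bool:
    """True if every value matched by `inner` is also matched by `outer`."""
    return outer == ANY or (inner != ANY and inner <= outer)


def shadows(earlier: Rule, later: Rule) -> bool:
    """First match wins, so a later rule is dead when one earlier rule already
    claims every source, destination and application it could match."""
    return (covers(earlier.sources, later.sources)
            and covers(earlier.destinations, later.destinations)
            and covers(earlier.applications, later.applications))


def find_shadowed(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed_rule, shadowing_rule) name pairs for a rule set.
    Only single-rule shadowing is detected; a rule hidden by the union of
    several earlier rules is not reported and still needs a hit-count check."""
    ordered = sorted(rules, key=lambda r: r.seq)
    found = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if shadows(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


# Constructed sample policy set; not taken from any real device.
SAMPLE_RULES = [
    Rule(1, "allow-web", frozenset({"trust"}), frozenset({"untrust"}),
         frozenset({"junos-http", "junos-https"}), "permit"),
    Rule(2, "deny-all-trust", frozenset({"trust"}), ANY, ANY, "deny"),
    Rule(3, "allow-dns", frozenset({"trust"}), frozenset({"untrust"}),
         frozenset({"junos-dns-udp"}), "permit"),
    Rule(4, "allow-guest", frozenset({"guest"}), frozenset({"untrust"}), ANY, "permit"),
]

if __name__ == "__main__":
    for shadowed, by in find_shadowed(SAMPLE_RULES):
        print(f"rule {shadowed!r} can never match: shadowed by {by!r}")
```

In the sample set, allow-dns is reported as shadowed by deny-all-trust, which is exactly the case the Hit Count column would surface as a rule with zero hits.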