Manage a Security Policy
Reorder a Security Policy
When new security policies are added, they automatically go to the end of the policy list, which can cause them to overshadow existing policies. To prevent this, place more specific ones first by adjusting the order using the Seq. (sequence number) field, which determines each policy's position in the sequence.
Global security policies follow a similar ordering scheme to that of zone pair security policy order.
To change the security policy order:
-
Select the security policy to edit, and click the edit icon (
).
The Edit Security Policies page is displayed. -
Move the policy to the desired location by using Move Policy
Up or Move Policy Down options.
-
If you move a security policy, the sequence numbers of all the security policies are automatically adjusted.
-
As shown in the illustration, on a device with multiple security policies, deployment follows the ascending sequence number for the zone pair. For example, consider two security policies, P1 and P2, assigned to device D1.
-
On device D1, policy P2 has sequence 1 and policy P1 has sequence 2.
-
Both policies operate from the untrust zone to the trust zone—P1 includes Rule-a, and P2 includes Rule-b.
-
When you deploy the policies, the deployment order is P2 (sequence 1) first, then P1 (sequence 2).
-
-
Figure 1: Security Policy Sequence-Based Deployment
-
Edit a Security Policy
To modify an existing security policy:
-
Select the security policy to edit, and click the pencil icon ().
The Edit Security Policies page is displayed.
Delete a Security Policy
You can delete a policy in Juniper Security Director Cloud if:
-
A new policy is created for the device.
-
The existing policy is obsolete.
-
The policy configuration was updated directly on the device using CLI.
-
The policy was not deployed after it was imported from the device.
After you reassign all devices in a policy to a different policy or import the device policy, you must deploy both the policies simultaneously to delete the old policy.
You cannot edit the security policy that is marked to be deleted. However, you can edit the rules for the policy.
-
Choose one of these procedures based on whether you assigned devices to the
policy.
Devices never assigned to the policy Devices assigned to the policy Select the policy and click the delete icon (
).Click Yes to confirm.
Select the policy and click the edit icon (
)
to display the Edit Security Policies
page.Unassign the devices, click OK, then click Yes.
The number of unassigned devices is displayed in the Status column on the Security Policies page.
Reassign the devices to a different policy or import the policy from the device.
Select both the old and new policies and click Deploy to display the Deploy page.
Click OK.
Jobs are created to remove the existing policy from the devices and the new policy on the devices. You can view the job status on the Jobs page.
On the Security Policies page, select the old policy, click the delete icon (
),
then click Yes to
confirm.
The policy is deleted from Juniper Security Director Cloud.