Reorder a Security Policy

By default, new security policies go to the end of a policy list. As a result, a policy placed earlier in the list can eclipse, or overshadow, a more specific policy that follows it. You can correct security policy overshadowing by changing the order of the security policies so that the more specific one comes first. The Seq. (sequence number) field of a security policy allows you to change the policy order. This number identifies the location of your policy in relation to the entire sequence.

Steps to change the security policy order:

  1. Select SRX > Security Policy > SRX Policy.
    The Security Policies page is displayed with a list of security policies.
  2. Select the security policy that you want to edit, and then click the pencil icon.
    The Edit Security Policy page is displayed with the same options that you entered while creating the security policy.
  3. Click Reorder.
    The Select Policy Sequence page is displayed.
  4. Move the policy to the desired location by using the Move Policy Up or Move Policy Down options.
  5. Click OK to save the changes.
    The reordered policy list appears on the Security Policy page.
    Note:
    • If you move a security policy, the sequence numbers of all the security policies are automatically adjusted.

    • If the same device has more than one security policy, the rules are pushed to the device based on the sequence number of the security policies for the zone pair. For example, a security policy P1 has sequence number 2 and security policy P2 has sequence number 1, and both policies are assigned to the same device D1. The security policy P1 is configured from untrust zone to trust zone with rule Rule-a. The security policy P2 is configured from untrust zone to trust zone with rule Rule-b. If you select these two policies and deploy, then the security policy P2 (sequence number 1) with rule Rule-a is deployed to the device first and then the security policy P1 (sequence number 2) with Rule-b is deployed.

    • Global security policies have an ordering scheme similar to that of zone pair security policies.
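
The overshadowing described at the top of this page can be checked offline before a reorder. The following is an added example, not Juniper code: the `Policy` model, the function names and the sample list are assumptions, and matching is simplified to zone pair, IPv4 prefixes and a single port. It flags any policy that an earlier policy fully covers, then shows that moving the specific policy up clears the finding and renumbers the list.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Optional

@dataclass(frozen=True)
class Policy:                 # hypothetical model, not a Juniper object
    seq: int                  # position in the list; lower is evaluated first
    name: str
    from_zone: str
    to_zone: str
    src: str                  # IPv4 prefix, "0.0.0.0/0" means any
    dst: str
    port: Optional[int]       # None means any port
    action: str

def covers(earlier, later):
    """True if every flow that matches `later` also matches `earlier`."""
    return (
        (earlier.from_zone, earlier.to_zone) == (later.from_zone, later.to_zone)
        and ip_network(later.src).subnet_of(ip_network(earlier.src))
        and ip_network(later.dst).subnet_of(ip_network(earlier.dst))
        and earlier.port in (None, later.port)
    )

def find_shadowed(policies):
    """Return (shadowed, shadowing) name pairs for a first-match policy list."""
    ordered = sorted(policies, key=lambda p: p.seq)
    hits = []
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if covers(earlier, later):
                hits.append((later.name, earlier.name))
                break
    return hits

def move_before(policies, name, target):
    """Move `name` directly ahead of `target` and renumber everything from 1."""
    ordered = sorted(policies, key=lambda p: p.seq)
    moving = next(p for p in ordered if p.name == name)
    ordered.remove(moving)
    ordered.insert(next(i for i, p in enumerate(ordered) if p.name == target), moving)
    return [replace(p, seq=n) for n, p in enumerate(ordered, 1)]

# Constructed sample list: the deny policy was added last, so it sits below the broad permit.
POLICIES = [
    Policy(1, "allow-web", "untrust", "trust", "0.0.0.0/0", "10.0.0.0/8", 443, "permit"),
    Policy(2, "trust-out", "trust", "untrust", "0.0.0.0/0", "0.0.0.0/0", None, "permit"),
    Policy(3, "block-scanner", "untrust", "trust", "203.0.113.0/24", "10.0.5.0/24", 443, "deny"),
]
```

`find_shadowed(POLICIES)` reports `block-scanner` as eclipsed by `allow-web`; after `move_before(POLICIES, "block-scanner", "allow-web")` the same check returns an empty list.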