Table 16: show security policies Output Fields (continued)
Field Name: Applications
Field Description: Name of a preconfigured or custom application whose type the packet matches, as specified at configuration time.
• IP protocol: The Internet protocol used by the application—for example, TCP, UDP, ICMP.
• ALG: If an ALG is explicitly associated with the policy, the name of the ALG is displayed. If application-protocol ignore is configured, ignore is displayed. Otherwise, 0 is displayed. However, even if this command shows ALG: 0, ALGs might be triggered for packets destined to well-known ports on which ALGs are listening, unless ALGs are explicitly disabled or when application-protocol ignore is not configured for custom applications.
• Inactivity timeout: Elapsed time without activity after which the application is terminated.
• Source port range: The low-high source port range for the session application.

Field Name: Destination Address Translation
Field Description: Status of the destination address translation traffic:
• drop translated—Drop the packets with translated destination addresses.
• drop untranslated—Drop the packets without translated destination addresses.

Field Name: Application Firewall
Field Description: An application firewall includes the following:
• Rule-set—Name of the rule set.
• Rule—Name of the rule.
• Dynamic applications—Name of the applications.
• Dynamic application groups—Name of the application groups.
• Action—The action taken with respect to a packet that matches the application firewall rule set. Actions include the following:
  • permit
  • deny
• Default rule—The default rule applied when the identified application is not specified in any rules of the rule set.

Field Name: Action or Action-type
Field Description: The action taken in regard to a packet that matches the policy’s tuples. Actions include the following:
• permit
• firewall-authentication
• tunnel ipsec-vpn vpn-name
• pair-policy pair-policy-name
• source-nat pool pool-name
• pool-set pool-set-name
• interface
• destination-nat name
• deny
• reject
• services-offload

Field Name: Session log
Field Description: Session log entry that indicates whether the at-create and at-close flags were set at configuration time to log session information.
Copyright © 2016, Juniper Networks, Inc.
Getting Started Guide for Branch SRX Series