Security Policy
A security policy is a set of statements, or rules, that controls traffic from a specified
source (source-address and optionally source-identity) to a specified destination
(destination-address) using a specified service (application). If the SRX Series device
receives a packet that matches the specifications of one of the rules in the security policy,
the SRX Series performs on the packet the action defined by that policy rule.
Table 7 on page 32 provides details of factory default settings for security policies on
branch SRX Series devices.
Table 7: Factory-Default Settings for Security Policies for Branch SRX Series Devices
From Zone       To Zone         Action
Trust zone      Untrust zone    Allow
Trust zone      Trust zone      Allow
Untrust zone    Trust zone      Deny
For more details on security policies, see Building Blocks Feature Guide for Security Devices.
Related Documentation
• Understanding Factory Default Configuration Settings of an SRX210 on page 7
• Connecting Your Branch SRX Series for the First Time
• Example: Configuring Security Zones and Policies for SRX Series on page 32
Example: Configuring Security Zones and Policies for SRX Series
This example shows how to set up a new zone and add three application servers to that
zone. You then enable communication between a host (PC) in the trust zone and the
servers in the newly created zone, and also between two servers within that zone.
To meet this requirement, you need an interzone security policy to allow traffic between
two zones and an intrazone policy to allow traffic between servers within a zone.
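The following sketch is an added example, not part of the original guide or Juniper's code. It models policy lookup per from-zone/to-zone pair using the Table 7 defaults and shows why the new zone needs both an interzone and an intrazone policy. It assumes rules are checked in order and unmatched traffic is denied (the Junos default); the zone name "servers", the rule names, and all addresses are constructed.

```python
from ipaddress import ip_address, ip_network

ANY = "any"
IMPLICIT_DENY = ("deny", "no-matching-rule")  # assumed default for unmatched traffic

def factory_defaults():
    """Table 7 as ordered rule lists keyed by (from_zone, to_zone).
    Rule = (name, source, destination, application, action); names are constructed."""
    return {
        ("trust", "untrust"): [("t7-trust-untrust", ANY, ANY, ANY, "permit")],
        ("trust", "trust"): [("t7-trust-trust", ANY, ANY, ANY, "permit")],
        ("untrust", "trust"): [("t7-untrust-trust", ANY, ANY, ANY, "deny")],
    }

def add_server_zone(policies):
    """Add the two policies the example calls for (zone name and prefixes are constructed)."""
    updated = dict(policies)
    updated[("trust", "servers")] = [
        ("interzone-trust-servers", "192.168.1.0/24", "192.0.2.0/24", ANY, "permit")]
    updated[("servers", "servers")] = [
        ("intrazone-servers", "192.0.2.0/24", "192.0.2.0/24", ANY, "permit")]
    return updated

def _in_prefix(prefix, addr):
    return prefix == ANY or ip_address(addr) in ip_network(prefix)

def evaluate(policies, from_zone, to_zone, src, dst, app):
    """First matching rule in the zone-pair context decides; returns (action, rule name)."""
    for name, source, dest, application, action in policies.get((from_zone, to_zone), []):
        if _in_prefix(source, src) and _in_prefix(dest, dst) and application in (ANY, app):
            return action, name
    return IMPLICIT_DENY

if __name__ == "__main__":
    before = factory_defaults()
    after = add_server_zone(before)
    flows = [  # constructed new-session attempts
        ("trust", "servers", "192.168.1.10", "192.0.2.11", "http"),
        ("servers", "servers", "192.0.2.11", "192.0.2.12", "ssh"),
        ("servers", "trust", "192.0.2.11", "192.168.1.10", "ssh"),
    ]
    for flow in flows:
        print(flow, evaluate(before, *flow), "->", evaluate(after, *flow))
```

The model covers the lookup for new sessions only. The servers-to-trust flow stays denied after the change because no policy exists for that zone pair.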
Requirements
This example uses the following hardware and software components:
• An SRX210
• Junos OS Release 12.1X44-D10
Overview
This example uses the network topology shown in Figure 3 on page 33.
Copyright © 2016, Juniper Networks, Inc.
Getting Started Guide for Branch SRX Series