Policy List

The Policy List page lists policies configured on the security device. The table on this page contains information on policies for specific source-destination zones. The following information is shown for each policy:

ID: Indicates the number assigned to the policy to identify it.

Source: Indicates the name of the source address in the policy.

Destination: Indicates the name of the destination address in the policy.

Service: Indicates the service associated with the policy.

Action: Indicates the action selected for this policy against traffic that matches the policy criteria. See WebUI Policy Icons to view a table that defines the different icons used in the table.

Options: Indicates the options selected for this policy. See WebUI Policy Icons to view a table that defines the different icons used in the table.

Configure: Click Edit to modify the entry. Click Clone to copy a policy that you can use as the basis for a new policy. Click Remove to delete a policy.

Enable: Clear the check box to disable a policy. Select the check box to enable a policy.

Move: Click the circular arrows or click the single arrow to move a policy within a list. See Policy Reordering for more information.

Defining a Policy

Policies consist of addresses (source and destination), services, actions, and options. Policies instruct the security device to permit, deny, tunnel, authenticate, perform address translation, prioritize, schedule, and monitor traffic attempting to cross from one security zone to another. You can also apply intrazone policies to traffic attempting to cross from one interface to another interface bound to the same zone.

For more information on policies, refer to the NetScreen Concepts & Examples ScreenOS Reference Guide available on the documentation CD that shipped with your security product and also on the Juniper Networks support site.

To Create a New Policy

  1. Select a source zone from the From drop-down list.

  2. Select a destination zone from the To drop-down list.

  3. Click New. For more information on configuring a policy, see the Policy Configuration page.

Note: To create a global policy, select Global from both the From and To drop-down lists.

To Modify a Policy

  1. In the Configure column, click Edit for the policy you want to modify.

The Policy Configuration page appears.

  2. Edit the configuration, and then click OK to save your changes.

To Enable and Disable a Policy

By default, a policy is enabled. To disable the policy, clear the check box in the Enable column.

To restore a disabled policy, select the check box in the Enable column.

To Remove a Policy

  1. In the Configure column, click Remove for the policy that you want to remove.

A system message prompts you to confirm the removal.

  2. Click OK to confirm the removal, or Cancel to cancel it.

Cloning a Policy

The Clone feature is useful when you want to create a policy that is very similar to an existing one. Some policies are almost the same except for one or a few settings, for example, the Service and Action settings. Instead of configuring a completely new policy, you can use the Clone feature and then make minor modifications.

To Clone a Policy

  1. Click Clone for the policy that most closely matches the new policy you want to create.

Clicking Clone opens the Policy Edit page for that policy.

  2. Rename the policy (optional).

  3. Modify the configuration.

  4. Click OK to save your new policy.

Reordering Policies

All attempted access is checked against the policies for a specific source-destination zone pair, beginning with the first policy listed on the Policies page and moving down through the list. Order policies from specific to general, because the action of the first matching policy is the one applied.
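The first-match behavior described above can hide a specific policy behind a more general one placed earlier in the list. The following is an added example, not part of the original help page or of ScreenOS: it models an ordered policy list for one zone pair and reports policies that can never match. The field names, the use of CIDR blocks in place of named address entries, and the sample policies are all assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:                # hypothetical record, not a ScreenOS structure
    id: int
    src: str                 # CIDR standing in for a named address; 0.0.0.0/0 = Any
    dst: str
    service: str             # service name, or "ANY"
    action: str              # "permit" or "deny"
    enabled: bool = True

def first_match(policies, src_ip, dst_ip, service):
    """Return the first enabled policy, in list order, that matches the traffic."""
    for p in policies:
        if (p.enabled
                and ip_address(src_ip) in ip_network(p.src)
                and ip_address(dst_ip) in ip_network(p.dst)
                and p.service in ("ANY", service)):
            return p
    return None

def covers(a, b):
    """True if every flow that matches b also matches a."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.service in ("ANY", b.service))

def find_shadowed(policies):
    """List (shadowed_id, shadowing_id, actions_differ) for unreachable policies."""
    findings = []
    active = [p for p in policies if p.enabled]   # disabled entries are skipped
    for i, later in enumerate(active):
        for earlier in active[:i]:
            if covers(earlier, later):
                findings.append((later.id, earlier.id, earlier.action != later.action))
                break
    return findings

# Constructed sample: a general permit placed above a specific deny.
SAMPLE = [
    Policy(1, "10.1.0.0/16", "0.0.0.0/0", "ANY", "permit"),
    Policy(2, "10.1.5.0/24", "0.0.0.0/0", "FTP", "deny"),
    Policy(3, "10.2.0.0/16", "0.0.0.0/0", "HTTP", "permit"),
    Policy(4, "0.0.0.0/0", "0.0.0.0/0", "ANY", "deny"),
]
REORDERED = [SAMPLE[1], SAMPLE[0], SAMPLE[2], SAMPLE[3]]  # specific before general

if __name__ == "__main__":
    print(find_shadowed(SAMPLE))
    print(first_match(SAMPLE, "10.1.5.9", "198.51.100.7", "FTP"))
    print(first_match(REORDERED, "10.1.5.9", "198.51.100.7", "FTP"))
```

A finding whose third field is true marks a policy whose intended action (here a deny) is silently overridden by the earlier, broader entry; moving the specific policy up clears the finding.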

To Order Policies

There are two ways to move policies: by clicking the circular arrows or by clicking the single arrow in the Configure column for the policy you want to move.

For more information on moving policies, see Policy Reordering.

Viewing Policies

To view all configured policies, select All zones in the From and To drop-down lists and click Go. To view the policies from one specific zone to another, select the specific zones from the From and To drop-down lists, and click Go.

You can select how many policies per page you want to view, and you can jump from one page to another by selecting a page number from the drop-down menu next to Go to Page.

When you view a list of policies, the WebUI uses icons to give you a graphical summary of policy components. See WebUI Policy Icons to view a table that defines the different icons used in the policies page.

Searching Policies

Use the Policy Search feature to quickly find the policy or policies you are looking for.

To Search a Policy

  1. Click Search on the Policy List page, and enter specific information about the policy. You do not have to fill out every field.

Source Zone: Select the source zone of the policy.

Destination Zone: Select the destination zone of the policy.

Service: Select the service used by the policy.

Source Address Name: Enter the source address name of the policy.

Destination Address Name: Enter the destination address name of the policy.

Permit/Deny/Tunnel: Select the action of the policy.

Schedule: Select this option if the policy you are looking for has a schedule.

  2. Click Go to launch the search for the policy.