Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  Junos Space Security Director - Firewall Policy

     
    Posted 11-07-2013 07:19

    Hi All,

     

    Can anyone explain what's the difference between a pre rule and a post rule?  I've gone through some docs and also the virtual lab on the learning academy, but there isn't a lot of info.

     

    Thanks in advance.

    Mas



  • 2.  RE: Junos Space Security Director - Firewall Policy
    Best Answer

    Posted 11-12-2013 01:27

    Hi,

     

    Pre and post rules become necessary when using group rules.

    Suppose you have 3 firewalls. Each of them has its own policy, but a company-wide policy must be applied to all of them as well. You can use a group policy and assign it to all 3 firewalls. All rules created in the group policy as a pre rule will be added before each device's own rules, and all rules created in the group policy as a post rule will be added after each device's own rules.

     

    When you look at the device on the CLI you will notice the rules are ordered this way.

    It may look like this.

     

    from zone X to zone Y

    policy A (created as group policy Pre rule)

    policy B (created as group policy Pre rule)

    policy C (created as device policy)

    policy D (created as device policy)

    policy E (created as device policy)

    policy F (created as group policy Post rule)

     


    Multiple group policies can be made and attached to the same firewalls with a precedence to set the order.

     

    I hope this makes sense

     

    Z.
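
Added example, not part of the original posts and not Security Director code: a small Python model of the ordering described in the answer above, showing why it matters under top-down, first-match evaluation (a group pre rule can make a device rule unreachable, and a group post rule acts as the catch-all). The rule contents, the `GroupPolicy` and `Rule` types, and the convention that a lower precedence number is placed first are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    app: str
    action: str

    def fields(self):
        return (self.src, self.dst, self.app)

@dataclass
class GroupPolicy:
    name: str
    precedence: int  # assumption: lower number is placed first
    pre: list = field(default_factory=list)
    post: list = field(default_factory=list)

def effective_rules(groups, device_rules):
    """Rule order for one zone pair: group pre, device, group post."""
    ordered = sorted(groups, key=lambda g: g.precedence)
    pre = [r for g in ordered for r in g.pre]
    post = [r for g in ordered for r in g.post]
    return pre + list(device_rules) + post

def covers(earlier, later):
    """True if every packet matching `later` also matches `earlier`."""
    return all(e in ("any", l) for e, l in zip(earlier.fields(), later.fields()))

def first_match(rules, src, dst, app):
    """Top-down lookup: the first matching rule decides the action."""
    probe = Rule("probe", src, dst, app, "")
    return next((r for r in rules if covers(r, probe)), None)

def shadowed(rules):
    """(rule, earlier rule) pairs where the rule can never be reached."""
    return [(r.name, e.name) for i, r in enumerate(rules)
            for e in rules[:i] if covers(e, r)]

# Constructed sample mirroring policies A-F from the post above.
CORPORATE = GroupPolicy("corporate", 1,
    pre=[Rule("A", "any", "any", "telnet", "deny"),
         Rule("B", "any", "dns-server", "dns", "permit")],
    post=[Rule("F", "any", "any", "any", "deny")])
DEVICE = [Rule("C", "lan", "web", "http", "permit"),
          Rule("D", "any", "any", "telnet", "permit"),
          Rule("E", "lan", "db", "sql", "permit")]
RULES = effective_rules([CORPORATE], DEVICE)
```

Here `shadowed(RULES)` flags device rule D as unreachable behind group pre rule A, which is the kind of conflict worth checking for before publishing a group policy to many devices.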