SRX Services Gateway
Reply
New User
doit
Posts: 1
Registered: ‎01-22-2012
0

Change the security policy then take effect immediate ?

 

 

 

When we change the security policy on SRX, the device doesn't take effect immediate.Also can say,the already exist  sessions are not take effect.So how do we do,let the device take effect immediate when we change the security policy ?

 

 

Thanks

 

 

 

Distinguished Expert
spuluka
Posts: 2,829
Registered: ‎03-30-2009

Re: Change the security policy then take effect immediate ?

The default behavior is that when a policy is modified the new version only applies to sessions created after this change is committed.

You can configure the policy-rematch parameter.  This will check sessions again when a policy is modified and committed.  If the action is changed then all sessions are dropped and will be reevaluated as they are created.

set security policies policy-rematch

 

Steve Puluka BSEET
Juniper Ambassador
Expert Network Security Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.