01-22-2012 09:14 AM
When we change the security policy on an SRX, the change doesn't take effect immediately. In other words, already existing sessions are not affected. So how do we make the device apply the change immediately when we change the security policy?
01-22-2012 10:19 AM
The default behavior is that when a policy is modified the new version only applies to sessions created after this change is committed.
You can configure the policy-rematch parameter. This will check sessions again when a policy is modified and committed. If the action is changed then all sessions are dropped and will be reevaluated as they are created.
set security policies policy-rematch
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCDA JNCDS-DC JNCDS-SEC
ACE PanOS 6 ACE PanOS 7