SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Question about setting default security policy to permit all

    Posted 08-25-2014 16:24

    Hi All,

     

    If I am configuring an SRX and I issue:  set security policies default-policy permit all

     

    Does this also change the implicit deny at the end of a firewall filter/ACL to an implicit permit?  Or are we only dealing with security policy default behavior with that command?

     

    Also, if I were to set my SRX to packet-mode, I know this disables all security services on the device.  Does that include firewall filters and SSH functionality? I know it affects IPSec, so I just want to clarify anything else it affects.

     

    Thanks,

     

    Dean



  • 2.  RE: Question about setting default security policy to permit all

    Posted 08-25-2014 22:56

    Hello,

    We are dealing with default secuirty policy only ;if there is no match on intrazone, interzone, or global policies then it will check default-policy.

    Filters /ssh functionality to the SRX  is not affected by default-policy.

     

    -CK



  • 3.  RE: Question about setting default security policy to permit all
    Best Answer

    Posted 08-25-2014 23:26

    Hi Dean,

     

    set security policy default-policy permit all will only affect security policy only .

     

    Firewall Filter will work fine as configured.

     

    SRX in Packet mode  will restain you with security related configuration only,

     

    Firewall Filter and SSH will work fine.


    Regards
    rparthi
     

    Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too



  • 4.  RE: Question about setting default security policy to permit all

    Posted 08-26-2014 05:40

    Thanks to both of you guys.