Hi everyone!
I just created address-book-based security policies allowing only specific subnets from my SRX240 and denying all others via the default policy deny-all. But the problem is I can still ping other networks which are not allowed in the policy. When I looked at the policy that was allowing the traffic using "show security flow sessions", I saw the "self-traffic-policy" as reproduced below:
Session ID: 25063, Policy name: self-traffic-policy/1, Timeout: 4, Valid
In: 192.168.1.2/6 --> 172.16.20.2/1720;icmp, If: .local..0, Pkts: 1, Bytes: 84
Out: 172.16.20.2/1720 --> 192.168.1.2/6;icmp, If: st0.0, Pkts: 1, Bytes: 84
This is my first ever post and your help and support is anticipated and will be appreciated.
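The session shown in the post is matched by self-traffic-policy and its In wing sits on the ".local..0" pseudo-interface, which is how Junos reports flows the SRX itself originates or terminates; those sessions are not evaluated against the configured zone-to-zone policies, which is why a deny-all policy does not affect a ping run from the device. The following script is an added example, not code from the post or from Juniper: it parses "show security flow session" output in the format reproduced above and separates device-originated sessions from transit sessions, so an auditor can check which configured policy each transit flow actually hit. The second session in the sample (policy name "allow-lan-to-vpn", addresses 10.10.10.5 and interface ge-0/0/1.0) is constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample: the session quoted in the post, plus one hypothetical
# transit session permitted by a user-defined policy (policy name, addresses
# and interface in the second session are placeholders, not from the post).
SAMPLE_OUTPUT = """\
Session ID: 25063, Policy name: self-traffic-policy/1, Timeout: 4, Valid
  In: 192.168.1.2/6 --> 172.16.20.2/1720;icmp, If: .local..0, Pkts: 1, Bytes: 84
  Out: 172.16.20.2/1720 --> 192.168.1.2/6;icmp, If: st0.0, Pkts: 1, Bytes: 84
Session ID: 25064, Policy name: allow-lan-to-vpn/4, Timeout: 1800, Valid
  In: 10.10.10.5/51234 --> 172.16.20.2/443;tcp, If: ge-0/0/1.0, Pkts: 12, Bytes: 1500
  Out: 172.16.20.2/443 --> 10.10.10.5/51234;tcp, If: st0.0, Pkts: 10, Bytes: 8000
"""

# Line shapes as they appear in the post's output.
SESSION_RE = re.compile(
    r"Session ID: (\d+), Policy name: ([^,]+), Timeout: (\d+), (\w+)")
FLOW_RE = re.compile(
    r"(In|Out): (\S+) --> (\S+);(\w+), If: (\S+), Pkts: (\d+), Bytes: (\d+)")


@dataclass
class Flow:
    direction: str   # "In" or "Out"
    src: str         # address/port as printed, e.g. 192.168.1.2/6
    dst: str
    proto: str       # icmp, tcp, ...
    iface: str       # ingress interface for this wing


@dataclass
class Session:
    session_id: int
    policy: str      # policy name including the trailing /index
    timeout: int
    state: str
    flows: list


def parse_sessions(text):
    """Turn raw 'show security flow session' text into Session objects."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SESSION_RE.match(line)
        if m:
            sessions.append(Session(int(m.group(1)), m.group(2),
                                    int(m.group(3)), m.group(4), []))
            continue
        m = FLOW_RE.match(line)
        if m and sessions:
            sessions[-1].flows.append(
                Flow(m.group(1), m.group(2), m.group(3), m.group(4), m.group(5)))
    return sessions


def policy_base(session):
    """'self-traffic-policy/1' -> 'self-traffic-policy' (drop the index)."""
    return session.policy.split("/")[0]


def is_self_traffic(session):
    # Device-originated or device-terminated flows are reported under the
    # implicit self-traffic-policy and carry the ".local." pseudo-interface
    # on one wing; they are not subject to the configured zone policies.
    if policy_base(session) == "self-traffic-policy":
        return True
    return any(f.iface.startswith(".local.") for f in session.flows)


def audit(text):
    """Split sessions into device-originated ones and transit ones grouped
    by the configured policy that permitted them."""
    result = {"self": [], "transit": {}}
    for s in parse_sessions(text):
        if is_self_traffic(s):
            result["self"].append(s.session_id)
        else:
            result["transit"].setdefault(policy_base(s), []).append(s.session_id)
    return result


if __name__ == "__main__":
    report = audit(SAMPLE_OUTPUT)
    print("device-originated sessions (zone policies not applied):", report["self"])
    for name, ids in report["transit"].items():
        print(f"transit sessions permitted by policy {name!r}: {ids}")
```

To verify that a deny-all policy is really in effect, test from a host behind the SRX rather than from the device's own CLI, and then confirm with this audit that every transit session shows up under one of the intended permit policies and none under an unexpected one.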