Screen OS

  • 1.  Clearing Sessions After Policy Changes

    Posted 10-03-2010 12:13

    I have been making changes to multiple policies; however, I am not positive the changes are applied instantly or if I need to clear the session table before existing sessions would need to be re-evaluated.

     

    Do I need to clear sessions (or any other table) to have any policy changes applied immediately to existing sessions?



  • 2.  RE: Clearing Sessions After Policy Changes
    Best Answer

    Posted 10-03-2010 23:39

    If you have a look at the packet flow process, you'll have the answer to your question.

     

    The device searches for an existing session before having a look at the policy.

    (order is: sanity check - session lookup - destination lookup - zone check - policy lookup).

     

    If you change the policy and clear the sessions, you can have some issues as some applications don't like the sessions to be broken. You'll have to reestablish all TCP sessions.



  • 3.  RE: Clearing Sessions After Policy Changes

    Posted 10-04-2010 13:05

    Yea... I managed to find my documentation after I posted this 🙂

     

    Thanks for the answer!