ScreenOS Firewalls (NOT SRX)
Reply
Contributor
ye_line
Posts: 26
Registered: ‎04-22-2010
0

Default policy For SSG

Hi There:

 

may advise the default policy in the following platform, global policy is permit or deny  :

 

SSG5  

SSG20

SSG140

SSG320M

SSG350M

SSG520M

SSG550M

 

Thanks for any feedback.

 

Bin

 

 

Super Contributor
ELKIM
Posts: 227
Registered: ‎12-01-2008
0

Re: Default policy For SSG

Hi

 

if im not wrong all juniper firewall have default policy with deny action

 

thanks


EL

Distinguished Expert
spuluka
Posts: 2,822
Registered: ‎03-30-2009
0

Re: Default policy For SSG

The defaut policy for any zone to zone traffic is deny.  You can override this select by placing a default allow rule at the bottom of the policy stack.

 

When you create a zone the default setting is to allow intrazone traffic but you can change that to deny as part of the zone configuration.

Steve Puluka BSEET
Juniper Ambassador
Expert Network Security Engineer - UPMC Pittsburgh, PA
JNCIA-ER JNCIA-EX JNCIS-SEC JNCIP-SEC
JNCIS-FWV JNCIS-SSL
ACE PanOS 6
MCP - Managing Server 2003 MCP - Windows XP Professional
MCTS Windows 7
http://puluka.com/home
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.