Day One Tips

ScreenOS Policy Processing Order

‎12-07-2015 02:56 AM

Hi,

Following this message in the ScreenOS forum, what is stated at:

https://www.fir3net.com/Firewalls/Juniper/netscreen-rule-processing-order.html

about policy processing order is wrong.

According to the ScreenOS Cookbook:

As discussed in this chapter's Introduction section, global policies are processed in ScreenOS after all the intra-zone and inter-zone policies. Furthermore, it should be noted that when ScreenOS goes through a policy list, it does not process policies any further as soon as a match is found. Hence, if your inter-zone or intra-zone policies have an explicit Source-Any to Destination-Any deny/reject policy at the end of the policy set, the global policies will never be reached in the ScreenOS processing order.

https://www.safaribooksonline.com/library/view/screenos-cookbook/9780596510039/ch07s12.html

Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
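
Added example, not part of the original post or the cookbook: a small Python model of the lookup order quoted above (zone-pair list first, then the global list, stopping at the first match), plus a check for the any/any/any zone policy that makes the global list unreachable. It generalizes the cookbook's deny/reject case to any catch-all action; the object names, policy IDs and exact-name address matching are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Policy:
    pid: int
    src: str
    dst: str
    service: str
    action: str  # "permit", "deny" or "reject"

    def matches(self, src, dst, service):
        # Simplified matching: a field matches if it is "any" or the same name.
        pairs = ((self.src, src), (self.dst, dst), (self.service, service))
        return all(want in (ANY, got) for want, got in pairs)

def lookup(zone_list, global_list, src, dst, service):
    """Search the zone-pair list first, then global; stop at the first match."""
    for name, plist in (("zone", zone_list), ("global", global_list)):
        for p in plist:
            if p.matches(src, dst, service):
                return name, p
    return "no-match", None  # neither list matched

def shadowing_policy(zone_list):
    """Return the first any/any/any zone policy; it hides every global policy."""
    return next((p for p in zone_list
                 if (p.src, p.dst, p.service) == (ANY, ANY, ANY)), None)

# Constructed sample data (hypothetical object names and policy IDs).
ZONE_OPEN = [Policy(1, "lan-net", "web-srv", "http", "permit")]
ZONE_WITH_DENY = ZONE_OPEN + [Policy(99, ANY, ANY, ANY, "deny")]
GLOBAL = [Policy(200, ANY, "log-srv", "syslog", "permit")]

if __name__ == "__main__":
    flow = ("lan-net", "log-srv", "syslog")
    for label, zone_list in (("no catch-all", ZONE_OPEN),
                             ("catch-all deny", ZONE_WITH_DENY)):
        where, p = lookup(zone_list, GLOBAL, *flow)
        print(f"{label}: matched in {where} list, id={p.pid}, action={p.action}")
        print("  shadowing policy:", shadowing_policy(zone_list))
```

Running a check like `shadowing_policy` over each zone-pair list in an exported rule base is a quick way to find global policies that will never be evaluated.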