ScreenOS Firewalls (NOT SRX)
Highlighted
ScreenOS Firewalls (NOT SRX)

Default policy For SSG

04.29.10   |  
‎04-29-2010 07:32 PM

Hi There:

 

may advise the default policy in the following platform, global policy is permit or deny  :

 

SSG5  

SSG20

SSG140

SSG320M

SSG350M

SSG520M

SSG550M

 

Thanks for any feedback.

 

Bin

 

 

2 REPLIES
ScreenOS Firewalls (NOT SRX)

Re: Default policy For SSG

04.29.10   |  
‎04-29-2010 08:10 PM

Hi

 

if im not wrong all juniper firewall have default policy with deny action

 

thanks


EL

ScreenOS Firewalls (NOT SRX)

Re: Default policy For SSG

04.30.10   |  
‎04-30-2010 02:28 PM

The defaut policy for any zone to zone traffic is deny.  You can override this select by placing a default allow rule at the bottom of the policy stack.

 

When you create a zone the default setting is to allow intrazone traffic but you can change that to deny as part of the zone configuration.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home