Managing Rules and Policies
Helpful Tips
Copyright © 2010, Juniper Networks, Inc.
Managing rules and policies for multiple security devices can seem daunting at first. Take
some time to carefully design your policies to make them efficient.
Helpful Tips on page 507
Selecting Rules on page 508
Editing Rule Order on page 508
Using Cut, Copy, and Paste on Rules on page 508
Deleting a Rule on page 510
Disabling a Rule on page 510
Using Rule Groups on page 510
Reimporting Devices and Security Policies on page 510
Merging Policies on page 511
Importing SRX Series Devices That Contain Inactive Policies on page 513
Exporting Policies on page 513
Some helpful tips about managing your rules and policies:
Because a device can have only one security policy installed at a time, you must include
all rules for that device in one policy.
The Policies navigation tree lists security policies alphabetically. You can create (or
import) an unlimited number of security policies.
Each security policy contains a default firewall rulebase (Zone); you can add other
rulebases (Global, Multicast, IDP, Exempt, Backdoor) to create additional rules.
Each rulebase can contain one or more rules, up to a maximum of 40,000 rules for the security policy.
The top rule in the rulebase is rule 1, the second rule is rule 2, and so on. To combine
rules for easier management within the Zone rulebase, you can create rule groups.
Each rule group can contain one or more rules, up to the same maximum of 40,000 rules for the security policy.
Rules within a rule group follow the rulebase numbering sequence; grouping does not restart the numbering.
The IDP, Exempt, or Backdoor rulebases are not included when you:
Merge two policies into a single policy
Import a security policy from an existing IDP-capable security device
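The policy structure described in these tips (one default Zone rulebase plus optional rulebases, rule groups that keep the rulebase numbering, the 40,000-rule limit per policy, and a merge that drops the IDP, Exempt and Backdoor rulebases) as a small model. This is an added illustration, not NSM code; the class and function names are invented, and it assumes rules are stored per rulebase in display order with a rule group being just a label on a contiguous run of Zone rules.

```python
"""Toy model of an NSM security policy: rulebases, rule groups and numbering.

Constructed example, not NSM code. Assumes rules are kept per rulebase in
display order and that a rule group is only a label on Zone rules.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAX_RULES_PER_POLICY = 40_000                      # limit stated for one policy
EXCLUDED_ON_MERGE = {"IDP", "Exempt", "Backdoor"}  # rulebases a merge does not carry over


@dataclass
class Rule:
    name: str
    group: Optional[str] = None  # rule groups exist only in the Zone rulebase


@dataclass
class Policy:
    name: str
    # every policy starts with the default Zone firewall rulebase
    rulebases: Dict[str, List[Rule]] = field(default_factory=lambda: {"Zone": []})

    def rule_count(self) -> int:
        return sum(len(rules) for rules in self.rulebases.values())

    def add_rule(self, rulebase: str, rule: Rule) -> int:
        """Append a rule and return its number (rule 1 is the top of the rulebase)."""
        if rule.group and rulebase != "Zone":
            raise ValueError("rule groups are only supported in the Zone rulebase")
        if self.rule_count() >= MAX_RULES_PER_POLICY:
            raise ValueError(f"policy {self.name} already holds {MAX_RULES_PER_POLICY} rules")
        rules = self.rulebases.setdefault(rulebase, [])
        rules.append(rule)
        return len(rules)

    def numbered(self, rulebase: str) -> List[Tuple[int, str, Optional[str]]]:
        """Rules numbered top to bottom; a rule group does not restart the sequence."""
        return [(i, r.name, r.group)
                for i, r in enumerate(self.rulebases.get(rulebase, []), start=1)]


def merge(a: Policy, b: Policy, name: str) -> Policy:
    """Merge two policies; IDP, Exempt and Backdoor rulebases are not included."""
    out = Policy(name)
    for src in (a, b):
        for rb, rules in src.rulebases.items():
            if rb in EXCLUDED_ON_MERGE:
                continue
            for rule in rules:
                out.add_rule(rb, rule)
    return out
```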
Chapter 9: Configuring Security Policies
507