Chapter 9 Configuring Security Policies - Juniper NETWORK AND SECURITY MANAGER 2010.4 - ADMINISTRATION GUIDE REV1 Administration Manual

CHAPTER 9
Configuring Security Policies
Copyright © 2010, Juniper Networks, Inc.
Firewall rules define access to your network, including permitted services, users, and time
periods. You can also use firewall rules to control the shape of your network traffic as it
passes through the firewall or to log specific network events. Multicast rules permit
multicast control traffic, such as IGMP or PIM-SM messages, to cross Juniper Networks
security devices. Multicast rules permit multicast control traffic only; to permit data traffic
(both unicast and multicast) to pass between zones, you must configure firewall rules.

Because all incoming and outgoing network traffic passes through your firewall, it is the
ideal location to control the traffic flowing on your network. Creating security policies
enables you to define what type of traffic should be permitted on your network, as well
as how that traffic is treated while inside. A security policy can contain firewall rules (in
the Zone and Global rulebases), multicast rules (in the Multicast rulebase), and IDP rules
(in the Application Policy Enforcement (APE), IDP, Exempt, Backdoor Detection, SYN
Protector, Traffic Anomalies, and Network Honeypot rulebases).

This chapter contains the following sections:
About Security Policies
Creating a Security Policy
Configuring Firewall Rules
Configuring Multicast Rules
Configuring Antivirus Rules
Configuring Antispam Rules
Configuring IDP Rules
Configuring Application Policy Enforcement (APE) Rules
Configuring Exempt Rules
Configuring Backdoor Rules
Configuring SYN Protector Rules
Configuring Traffic Anomalies Rules
Configuring Network Honeypot Rules
Installing Security Policies
Managing Rules and Policies
