Powered by Blogger.

How do I configure a global explicit deny on a SRX series gateway ?

To configure a global deny statement for all your policy entries the following commands are used.


set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match source-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match destination-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match application any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then deny
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then log session-init
set security policies apply-groups global-policy
    Blogger Comment
    Facebook Comment