To configure a global deny statement for all your policy entries the following commands are used.
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match source-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match destination-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match application any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then deny
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then log session-init
set security policies apply-groups global-policy
Blogger Comment
Facebook Comment