From the course: Juniper Security Policies Fundamentals

Policy rematch
- [Instructor] Let's say you have a security policy that permits SSH traffic and you have an existing connection that's matching this policy. Then you change the policy to not match the SSH application, so the policy is no longer permitting SSH traffic. What happens to the existing connection? We would expect the device to terminate this connection, but in reality, the device will continue to permit the SSH traffic for the existing connection. By default, configuration changes to security policies do not disturb sessions in progress. Only new connections are affected. This includes modifications to policy actions, source and destination addresses, and applications. Let's take a look at this on an SRX device. I'm going to start off with the command show security policies from-zone trust to-zone untrust, and as we scroll down, we can see a policy called ALLOW-ssh which matches any source address, any destination address, the junos-ssh application, and the action is set to permit. Let's verify…
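The scenario the instructor walks through, as an added Junos set-style configuration example that is not from the course: the ALLOW-ssh policy, the same policy change made twice, first with policy rematch at its default and then with `set security policies policy-rematch` enabled so the SRX re-evaluates existing sessions against the changed policy instead of leaving them untouched. The replacement application junos-http and the destination-port 22 session filter are assumptions for illustration; the zone names and the ALLOW-ssh policy come from the lesson.

```junos
# Baseline policy as shown in the lesson: any source, any destination,
# the junos-ssh application, action permit.
set security policies from-zone trust to-zone untrust policy ALLOW-ssh match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-ssh match destination-address any
set security policies from-zone trust to-zone untrust policy ALLOW-ssh match application junos-ssh
set security policies from-zone trust to-zone untrust policy ALLOW-ssh then permit
commit

# Establish an SSH session through the SRX, then change the policy so it no
# longer matches SSH (junos-http is an assumed replacement application).
delete security policies from-zone trust to-zone untrust policy ALLOW-ssh match application junos-ssh
set security policies from-zone trust to-zone untrust policy ALLOW-ssh match application junos-http
commit

# Default behaviour (policy rematch disabled): only new connections are
# evaluated against the changed policy, so the established SSH session is
# still listed here (assumed filter on destination port 22).
run show security flow session destination-port 22

# Restore the original ALLOW-ssh policy and turn on policy rematch.
rollback 1
set security policies policy-rematch
commit

# Repeat the same change. With policy rematch enabled, existing sessions are
# re-evaluated at commit time and dropped when they no longer match a
# permitting policy, so the established SSH session is terminated.
delete security policies from-zone trust to-zone untrust policy ALLOW-ssh match application junos-ssh
set security policies from-zone trust to-zone untrust policy ALLOW-ssh match application junos-http
commit

# The SSH session should now be gone, and the policy shows the new match.
run show security flow session destination-port 22
run show security policies from-zone trust to-zone untrust
```

Enabling policy rematch trades the "do not disturb sessions in progress" default for the behaviour the instructor says we would expect, so enable it deliberately on devices where a policy change should cut off traffic that is already flowing.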
