How do I configure a global explicit deny on a SRX series gateway ?

 To configure a global deny statement for all your policy entries the following commands are used.

set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match source-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match destination-address any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match application any
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then deny
set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop then log session-init
set security policies apply-groups global-policy

 

 

Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial