Chaining AV, IDP and Enhanced Web Filtering policies in trust to untrust policy

  • 1.  Chaining AV, IDP and Enhanced Web Filtering policies in trust to untrust policy

    Posted 10-01-2020 02:08

    Hi all,

    I have something like this:

    from-zone trust to-zone untrust {
        policy idp-app-policy-1 {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit {
                    application-services {
                        idp;
                    }
                }
            }
        }
        policy utm-security-policy {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit {
                    application-services {
                        utm-policy sophos-utm-policy;
                    }
                }
            }
        }
        policy utm_servers {
            match {
                source-address [ servers network_devices ];
                destination-address any;
                application any;
            }
            then {
                permit {
                    application-services {
                        utm-policy servers_and_network_devices;
                    }
                }
            }
        }
        policy trust-to-untrust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }

     

    I only seem to be hitting the idp-app-policy-1 policy as that's the first permit. I know I have to move the most specific matches to the top of the chain, but I think then only that will match and the traffic will then not go through the idp and sophos policies.

    What am I misunderstanding here, and does the above make sense? I want ALL traffic to be idp and sophos scanned and via the web filtering.

    Thanks.



  • 2.  Re: Chaining AV, IDP and Enhanced Web Filtering policies in trust to untrust policy

    Posted 10-01-2020 12:39

    Maybe I need Global Policies.
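
Junos evaluates the policies of a zone pair top-down and applies only the first one that matches, so services are combined inside a single policy rather than chained across several. An added example (not part of either post) that rewrites the trust-to-untrust set from the first post that way, assuming sophos-utm-policy and servers_and_network_devices already reference the antivirus and web-filtering profiles:

```junos
/* Added example: most specific sources first; every permit enables IDP and UTM together. */
from-zone trust to-zone untrust {
    /* Servers and network devices: IDP plus their own UTM policy. */
    policy utm_servers {
        match {
            source-address [ servers network_devices ];
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    idp;
                    utm-policy servers_and_network_devices;
                }
            }
        }
    }
    /* Everything else: IDP plus the general UTM policy. */
    policy utm-security-policy {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                application-services {
                    idp;
                    utm-policy sophos-utm-policy;
                }
            }
        }
    }
}
```

With a match-any policy carrying both services in last position, the original trust-to-untrust catch-all is never reached and is left out here. `show security policies hit-count` shows which policies traffic actually lands on after the change.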