What happens when traffic is matched by a unified security policy?
When traffic matches a unified security policy, the SRX applies the action configured in that policy, such as permit, deny, reject, or redirect. Unified policies add AppID-based Layer 7 application matching to security policy processing, but they still behave like ordered firewall policies: once the matching policy is found, the firewall applies that policy action instead of continuing through additional policy entries. Juniper states that after AppID identifies the application and the matching policy is found, the actions are applied according to the policy. Option A is incorrect because AppID identifies the application before policy action is applied; the traffic is not merely ''assigned'' an application. Options B and D are incorrect because policy processing does not continue after a valid match.
Currently there are no comments in this discussion, be the first to comment!