some things about policies/sessions

1) An ICMP packet occupies a session entry on the SRX.

2) Policy is enforced on intra-zone traffic by default, so packets that stay within the same zone but cross between different interfaces cannot traverse unless an intra-zone policy permits them.

3) If the policy doesn’t allow a packet, it cannot be seen in the output of the monitor traffic command.
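
For points 1 and 2, an intra-zone policy that permits only ICMP looks like the following, with the checks that show the policy and the resulting ICMP session entries. This is an added example, not configuration from the original post; the zone name "trust" and the policy name "intra-trust-icmp" are assumptions.

```junos
# Configuration mode. Zone "trust" and policy "intra-trust-icmp" are assumed names.
# from-zone and to-zone are the same zone, which makes this an intra-zone policy.
set security policies from-zone trust to-zone trust policy intra-trust-icmp match source-address any
set security policies from-zone trust to-zone trust policy intra-trust-icmp match destination-address any
set security policies from-zone trust to-zone trust policy intra-trust-icmp match application junos-icmp-all
set security policies from-zone trust to-zone trust policy intra-trust-icmp then permit
commit

# Operational mode: confirm the policy exists for the trust-to-trust context.
run show security policies from-zone trust to-zone trust

# Operational mode: ICMP flows permitted by the policy appear as session entries.
run show security flow session protocol icmp
```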

About: rtoodtoo

Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN // JNCIE-SEC #223 / RHCE / PCNSE
