Here is the security policy configuration:
/*
 * Trusted -> Untrusted: matches every source, destination and application,
 * so this policy performs no egress filtering. Matching traffic is permitted,
 * handed to IDP, and logged when the session closes.
 */
from-zone Trusted to-zone Untrusted {
policy Outbound {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
application-services {
/* NOTE(review): inspection depends on an IDP policy being active on the device; none is shown in this excerpt - confirm. */
idp;
}
}
log {
session-close;
}
}
}
}
/*
 * Untrusted -> Trusted: matches every source, destination and application
 * and permits it, so any inbound flow that is routable to the Trusted zone
 * is allowed. IDP is signature-based inspection, not access control.
 * NOTE(review): a practitioner would normally list only the published
 * destination addresses and applications here and let everything else fall
 * through to the default deny. Reachability may be narrowed by NAT or
 * routing that this excerpt does not show - confirm before relying on it.
 */
from-zone Untrusted to-zone Trusted {
policy Inbound {
match {
source-address any;
destination-address any;
application any;
}
then {
permit {
application-services {
/* NOTE(review): inspection depends on an IDP policy being active on the device; none is shown in this excerpt - confirm. */
idp;
}
}
log {
/* Logged only at session close; add session-init if the start of inbound sessions must be recorded as well. */
session-close;
}
}
}
}
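/*
 * Untrusted -> junos-host: traffic addressed to the device itself
 * (management and control plane) arriving from the Untrusted zone.
 * Policies are evaluated top-down and the first match wins, so RemoteAccess
 * must stay above DenyRemote.
 */
from-zone Untrusted to-zone junos-host {
    /*
     * Permits the LGA_IP address-book entry (defined outside this excerpt)
     * to reach the device on any application.
     * NOTE(review): application any exposes every service that
     * host-inbound-traffic enables on the Untrusted zone; consider listing
     * only the management applications actually required.
     */
    policy RemoteAccess {
        match {
            source-address LGA_IP;
            destination-address any;
            application any;
        }
        then {
            permit;
            log {
                session-close;
            }
        }
    }
    /*
     * Explicit catch-all deny for every other Untrusted source.
     * A denied flow never creates a session, so session-close has nothing
     * to report; session-init is the option that records the denied attempt.
     */
    policy DenyRemote {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            deny;
            log {
                session-init;
            }
        }
    }
}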
/*
 * Trusted -> junos-host: any host in the Trusted zone may reach the device
 * itself on any application.
 * NOTE(review): unlike the other policies shown here, this one has no log
 * stanza, so access to the device from the Trusted zone leaves no
 * policy-level record. Confirm whether that is intentional, and consider
 * limiting the source to the management hosts.
 */
from-zone Trusted to-zone junos-host {
policy InternalAccess {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}