The security is actually set to any application, and the traffic will be coming from the public Internet, so source is set to any source. Once I can get the traffic to reach the server, I will set the policy for only HTTPS traffic.
root@CWFWGI01> ...et to-zone SES policy-name SES_VIP detail
node0:
--------------------------------------------------------------------------
Policy: SES_VIP, action-type: permit, State: enabled, Index: 43, Scope Policy: 0
Policy Type: Configured
Description: Nat para interface SES
Sequence number: 1
From zone: Internet, To zone: SES
Source addresses:
any-ipv4(global): 0.0.0.0/0
any-ipv6(global): ::/0
Destination addresses:
SES_VIP(global): 192.168.166.26/32
Application: any
IP protocol: 0, ALG: 0, Inactivity timeout: 0
Source port range: [0-0]
Destination port range: [0-0]
Per policy TCP Options: SYN check: No, SEQ check: No
Session log: at-create, at-close
{primary:node0}
root@CWFWGI01>
spuluka wrote: So the issue is that the security policies and their order are not matching this HTTPS request traffic, so it is hitting the implicit deny rule. Walk through the steps here to find why the security policy is not working.
https://kb.juniper.net/InfoCenter/index?page=content&id=kb10113