Enhancements to configuring security policies

Junos OS supports advanced-connection-tracking command under the [edit security zones security-zone zone name] and [edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit] hierarchy levels. The advanced-connection-tracking option under [edit security zones security-zone zone name]enable the action to generate connection track table using source IP, destination IP(optional), and destination port(optional) during session creation stage when traffic ingress given zone. This connection track mapping table also appears on backup node in HA(High Availability) pair. The advanced-connection-tracking option under [edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit] mandate that traffic matching given policy will do a lookup in to-zone's connection track mapping table using the new session's key information, if there is no match, new connection will not be created.