any difference between reject and drop?
A drop policy will silently discard the packets, so it will take some time for the client (e.g. web browser) before it times out the request.
A reject policy will "tell" the client that the connection is not allowed and you will get a "connection refused" message immediately or something like that.
Sometimes it is better to use a reject policy in order to speed up things.
I know that you can set up deny policies to drop or reject packets with other firewalls (for sure with "iptables" on Linux), any way to do it with NetScreen ScreenOS?