[j-nsp] IDS in Adaptive Services 2 PIC
Dan Rautio
drautio at juniper.net
Wed Aug 30 14:06:38 EDT 2006
Hey Peter,
Here is a real basic example:
interfaces {
    sp-0/2/0 {
        unit 0 {
            family inet;
        }
        unit 1 {
            family inet;
            service-domain inside;
        }
        unit 2 {
            family inet;
            service-domain outside;
        }
    }
    ge-1/0/0 {
        description "Untrusted interface";
        unit 0 {
            family inet {
                address 10.40.2.1/24;
            }
        }
    }
    ge-1/1/0 {
        description "Trusted interface";
        unit 0 {
            family inet {
                address 10.40.1.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 1.0.0.0/8 next-hop sp-0/2/0.2;
        route 10.40.2.0/24 next-hop sp-0/2/0.2;
    }
}
routing-instances {
    ids_vr {
        instance-type virtual-router;
        interface ge-1/0/0.0;
        interface sp-0/2/0.1;
        routing-options {
            static {
                route 1.0.0.0/8 next-hop 10.40.1.2;
            }
        }
    }
}
services {
    stateful-firewall {
        rule test-syn {
            match-direction output;
            term 1 {
                then {
                    accept;
                }
            }
        }
    }
    ids {
        rule ids-vpn {
            match-direction input-output;
            term 1 {
                then {
                    logging {
                        threshold 1;
                        syslog;
                    }
                    syn-cookie {
                        threshold 1;
                        mss 1024;
                    }
                }
            }
        }
    }
    service-set nh {
        syslog {
            host local {
                services info;
            }
        }
        stateful-firewall-rules test-syn;
        ids-rules ids-vpn;
        next-hop-service {
            inside-service-interface sp-0/2/0.1;
            outside-service-interface sp-0/2/0.2;
        }
    }
}
- Dan
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Pajlatek
> Sent: Saturday, August 26, 2006 11:36 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] IDS in Adaptive Services 2 PIC
>
>
> Hello,
>
> Has anyone used IDS with Adaptive Services 2 PIC for Juniper
> M Series?
> I am interested in some real examples...
> http://www.juniper.net/techpubs/software/junos/junos80/swconfig80-services/frameset.htm
> Those pointers here don't help much :(
> Does anyone know of any repository?
> Peter
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp