[j-nsp] Sample configuration: security {}

tech at osystems.ru tech at osystems.ru
Mon Apr 6 02:37:17 EDT 2009



KB11963 also recommends adding
     flow {
         allow-dns-reply;
         tcp-session {
             no-syn-check;
             no-syn-check-in-tunnel;
             no-sequence-check;
         }
     }

and

     alg {
         dns disable;
         ftp disable;
         h323 disable;
         mgcp disable;
         real disable;
         rsh disable;
         rtsp disable;
         sccp disable;
         sip disable;
         sql disable;
         talk disable;
         tftp disable;
         pptp disable;
         msrpc disable;
         sunrpc disable;
     }

as well as
     zones {
         security-zone trust {
             tcp-rst;
         }
     }

Is there any point in making these changes?




On Fri, 03 Apr 2009 15:04:58 +0200, Tomasz Klicki <tomasz at klicki.pl> wrote:
> tech at osystems.ru wrote:
>> Please give me a sample configuration, security {} for the JUNOS Software
>> Release [9.4R1.8] (Export edition) Enhanced Services for the BGP router
>> (border router).
> 
> Here you are:
> 
> security {
>     zones {
>         security-zone zone_default {
>             host-inbound-traffic {
>                 system-services {
>                     all;
>                 }
>                 protocols {
>                     all;
>                 }
>             }
>             interfaces {
>                 all;
>             }
>         }
>     }
>     policies {
>         default-policy {
>             permit-all;
>         }
>     }
> }

