[j-nsp] Sample configuration: security {}
tech at osystems.ru
tech at osystems.ru
Mon Apr 6 02:37:17 EDT 2009
KB11963 recommends also add
flow (
allow-dns-reply;
tcp-session (
no-syn-check;
no-syn-check-in-tunnel;
no-sequence-check;
)
)
and
alg (
dns disable;
ftp disable;
h323 disable;
mgcp disable;
real disable;
rsh disable;
rtsp disable;
sccp disable;
sip disable;
sql disable;
talk disable;
tftp disable;
pptp disable;
msrpc disable;
sunrpc disable;
)
as well as
zones (
security-zone trust (
tcp-rst;
Is there a meaning to make these changes?
On Fri, 03 Apr 2009 15:04:58 +0200, Tomasz Klicki <tomasz at klicki.pl> wrote:
> tech at osystems.ru pisze:
>> Please give me a sample configuration, security {} for the JUNOS
Software
>> Release [9.4R1.8] (Export edition) Enhanced Services for the BGP router
>> (border router).
>
> Here you are:
>
> security {
> zones {
> security-zone zone_default {
> host-inbound-traffic {
> system-services {
> all;
> }
> protocols {
> all;
> }
> }
> interfaces {
> all;
> }
> }
> }
> policies {
> default-policy {
> permit-all;
> }
> }
> }
More information about the juniper-nsp
mailing list