[j-nsp] Sample configuration: security {}

Michel de Nostredame d.nostra at gmail.com
Tue Apr 7 12:20:51 EDT 2009


Hi,

In the ES version, there is a 1M-session potential bomb for J6530,
according to the spec sheet.

Starting from 9.4, there is no non-ES version of JUNOS for the J-series
box. I am wondering if the command provided in the KB can completely turn
the ES version of JUNOS into the non-ES version, which means making the
J-router forget there is a concept of "session".

--
Michel~


On Mon, Apr 6, 2009 at 8:02 PM, Tim Eberhard <xmin0s at gmail.com> wrote:
> That KB is to turn Junos-ES into a router device.
>
> the first part:
>            no-syn-check;
>            no-syn-check-in-tunnel;
>            no-sequence-check;
>
> Basically turns off *all* stateful TCP. At that point you might as well be
> using stateless ACLs.
>
> The next portion is to disable the ALGs (application layer gateways). Again
> if the end goal here is to use this device as a router, I agree with it.
>
> If you're trying to use the security{} options as a firewall then do *not*
> follow that KB.
>
> Good luck,
> -Tim Eberhard
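
An audit check for the three statements quoted above, as an added example that is not part of the thread or the KB: it reports which stateful TCP checks a configuration turns off. It assumes brace-style `show configuration` output with the statements under `security flow tcp-session` and `inactive:` marking deactivated statements; both sample configurations are constructed.

```python
import re

# Statements quoted in the thread; each one switches off a stateful TCP check.
TCP_CHECKS_OFF = {"no-syn-check", "no-syn-check-in-tunnel", "no-sequence-check"}
# Assumption: the hierarchy that holds them in a brace-style Junos config.
TCP_SESSION_PATH = ("security", "flow", "tcp-session")

def statements(config):
    """Yield (path, statement) for each leaf statement in a brace-style config."""
    stack = []
    text = re.sub(r"/\*.*?\*/|#[^\n]*", "", config, flags=re.S)  # drop comments
    for words, delim in re.findall(r"([^{};]*)([{};])", text):
        name = " ".join(words.split())
        if delim == "{":
            stack.append(name)
        elif delim == "}":
            if stack:
                stack.pop()
        elif name:
            yield tuple(stack), name

def disabled_tcp_checks(config):
    """Return, sorted, the stateful TCP checks that this config turns off."""
    found = set()
    for path, stmt in statements(config):
        if any(part.startswith("inactive:") for part in path + (stmt,)):
            continue  # deactivated statements have no effect
        if path == TCP_SESSION_PATH and stmt in TCP_CHECKS_OFF:
            found.add(stmt)
    return sorted(found)

# Constructed sample: the router-style settings discussed in the thread.
ROUTER_STYLE = """
security {
    flow {
        tcp-session {
            no-syn-check;
            no-syn-check-in-tunnel;
            no-sequence-check;
        }
    }
}
"""
# Constructed sample: the statement is present but deactivated.
FIREWALL_STYLE = "security { flow { tcp-session { inactive: no-syn-check; } } }"

if __name__ == "__main__":
    for label, cfg in (("router", ROUTER_STYLE), ("firewall", FIREWALL_STYLE)):
        print(label, disabled_tcp_checks(cfg) or "stateful TCP checks intact")
```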

