[j-nsp] Sample configuration: security {}
Ben Dale
bdale at comlinx.com.au
Wed Apr 8 19:08:15 EDT 2009
There used to be the following hidden command up to 8.5ES to switch
back:

set security forwarding-options family inet mode packet-based

Looking at a v9.0ES box, it looks like packet-based is now available
only for iso, inet6 and mpls.

On 08/04/2009, at 2:20 AM, Michel de Nostredame wrote:
Hi,
In the ES version, there is a 1M-session potential bomb for J6530,
according to the spec sheet.
Starting from 9.4, there is no non-ES version of JUNOS for the J-series
box. I am wondering if the command provided in the KB can completely
turn the ES version of JUNOS into the non-ES version, which means making
the J-router forget there is a concept of "session".
--
Michel~
On Mon, Apr 6, 2009 at 8:02 PM, Tim Eberhard <xmin0s at gmail.com> wrote:
> That KB is to turn Junos-ES into a router device..
>
> the first part:
> no-syn-check;
> no-syn-check-in-tunnel;
> no-sequence-check;
>
> Basically turns off *all* stateful TCP. At that point you might as
> well be using stateless ACLs.
>
> The next portion is to disable the ALGs (application layer
> gateways). Again, if the end goal here is to use this device as a
> router, I agree with it.
>
> If you're trying to use the security{} options as a firewall then do
> *not* follow that KB.
>
> Good luck,
> -Tim Eberhard
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
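
An added example, not part of the original thread and not Juniper tooling: a Python check that scans "show configuration | display set" output for the settings discussed above (the three TCP check knobs and packet-based forwarding mode) and skips statements that have been deactivated. The "security flow tcp-session" path is an assumption from standard Junos set syntax, and the sample configuration is constructed.

```python
import re

# Knob names quoted in the thread; the "security flow tcp-session" path is an
# assumption based on standard Junos set syntax, not something the page shows.
TCP_KNOBS = {
    "no-syn-check": "SYN check on session creation disabled",
    "no-syn-check-in-tunnel": "SYN check for tunnelled traffic disabled",
    "no-sequence-check": "TCP sequence-number check disabled",
}
TCP_RE = re.compile(r"^security flow tcp-session (\S+)$")
MODE_RE = re.compile(r"^security forwarding-options family (\S+) mode packet-based$")

# Constructed sample input in "show configuration | display set" form.
SAMPLE = """\
set system host-name j-series-lab
set security flow tcp-session no-syn-check
set security flow tcp-session no-syn-check-in-tunnel
set security flow tcp-session no-sequence-check
deactivate security flow tcp-session no-sequence-check
set security forwarding-options family mpls mode packet-based
set security forwarding-options family inet6 mode flow-based
"""

def audit(config_text):
    """Return sorted (statement, finding) pairs for active weakening settings."""
    active, inactive = [], set()
    for raw in config_text.splitlines():
        verb, _, stmt = raw.strip().partition(" ")
        if verb == "set":
            active.append(stmt)
        elif verb == "deactivate":
            inactive.add(stmt)
    findings = set()
    for stmt in active:
        # A deactivated statement, or one below a deactivated parent, is ignored.
        if any(stmt == d or stmt.startswith(d + " ") for d in inactive):
            continue
        m = TCP_RE.match(stmt)
        if m and m.group(1) in TCP_KNOBS:
            findings.add((stmt, TCP_KNOBS[m.group(1)]))
        m = MODE_RE.match(stmt)
        if m:
            findings.add((stmt, f"family {m.group(1)} forwarded without sessions"))
    return sorted(findings)

if __name__ == "__main__":
    for stmt, why in audit(SAMPLE):
        print(f"{stmt}: {why}")
```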