[j-nsp] Sample configuration: security {}

Brandon Bennett bennetb at gmail.com
Thu Apr 9 12:32:10 EDT 2009


I've heard a rumor that the knob to switch back to packet-based is available
in 9.5 again.  In the meantime the workaround is to enable MPLS on your
interfaces and do packet-based forwarding for MPLS.

Let me see if I can dig up the exact details.

Brandon

On Wed, Apr 8, 2009 at 5:08 PM, Ben Dale <bdale at comlinx.com.au> wrote:

> There used to be the following hidden command up to 8.5ES to switch back:
>
> set security forwarding-options family inet mode packet-based
>
> Looking at a v9.0ES box, it looks like packet-based is now available only
> for iso, inet6 and mpls
>
> On 08/04/2009, at 2:20 AM, Michel de Nostredame wrote:
>
> Hi,
>
> In the ES version, there is a 1M-session potential bomb for J6530,
> according to the spec sheet.
>
> Starting from 9.4, there is no non-ES version of JUNOS for the J-series
> boxes. I am wondering if the command provided in the KB can completely turn
> the ES version of JUNOS into the non-ES version, which means making the
> J-router forget there is a concept of "session".
>
> --
> Michel~
>
>
> On Mon, Apr 6, 2009 at 8:02 PM, Tim Eberhard <xmin0s at gmail.com> wrote:
>
>> That KB is to turn Junos-ES into a router device.
>>
>> the first part:
>>           no-syn-check;
>>           no-syn-check-in-tunnel;
>>           no-sequence-check;
>>
>> Basically turns off *all* stateful TCP. At that point you might as well be
>> using stateless ACLs.
>>
>> The next portion is to disable the ALGs (application layer gateways).
>> Again, if the end goal here is to use this device as a router, I agree
>> with it.
>>
>> If you're trying to use the security{} options as a firewall then do *not*
>> follow that KB.
>>
>> Good luck,
>> -Tim Eberhard
>>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

