[j-nsp] Firewall Policy Description !!

Asad Raza asadgardezi at gmail.com
Wed Nov 5 10:49:35 EST 2014


Hi

You can annotate match statement on each policy to add comments. Those
comments will show in start of each policy when you do show configuration
(without display set)

Br
Asad
On Nov 5, 2014 6:43 PM, "Harri Makela via juniper-nsp" <
juniper-nsp at puck.nether.net> wrote:

>
> Hi There
>
>
>
>
> is there anyway that we can add description of firewall policies. Firewall
> policy name is restricted to 63 chracters on Junos which is not sufficient
> to review the firewall policies on periodic basis. I can only add flows
> related information with policy name and description is required to add
> further details like who requested it, when it was added, quarterly review
> if this flow is required not etc. to comply with AUDIT requirements
>
>
>
>
>
> Thnaks
>
>       On Wednesday, 29 October 2014, 16:05, "
> juniper-nsp-request at puck.nether.net" <juniper-nsp-request at puck.nether.net>
> wrote:
>
>
>  Send juniper-nsp mailing list submissions to
>     juniper-nsp at puck.nether.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>     https://puck.nether.net/mailman/listinfo/juniper-nsp
> or, via email, send a message with subject or body 'help' to
>     juniper-nsp-request at puck.nether.net
>
> You can reach the person managing the list at
>     juniper-nsp-owner at puck.nether.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of juniper-nsp digest..."
>
>
> Today's Topics:
>
>   1. Re: CoS on iSCSI ports (Eugeniu Patrascu)
>   2. EX4600 third party optic (Johan Borch)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 29 Oct 2014 01:09:49 +0200
> From: Eugeniu Patrascu <eugen at imacandi.net>
> To: Mike Gonnason <gonnason at gmail.com>
> Cc: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: Re: [j-nsp] CoS on iSCSI ports
> Message-ID:
>     <CALgc3C64g8g5JrnN+uzkLUu-=UmsdYQN_kz2Wqt7E+Br1_KUdg at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> If memory serves me right, the 5% bandwidth is actually prioritized when
> you do something on the switch via SSH/Telnet/J-Web so that in case your
> switch is running line-rate, you can actually log into it.
>
> Also, disable flow-control, it's not helping.
>
> Regards,
> Eugeniu
>
> On Wed, Oct 15, 2014 at 2:49 AM, Mike Gonnason <gonnason at gmail.com> wrote:
>
> > For my iSCSI stuff, I have been disabling pause frames as they are not
> > really beneficial for my situation. I had a NetApp (forget what model)
> that
> > would saturate a 10Gb link and the Juniper would send a pause frame with
> > the result of dropping all connections across that trunk. Not very
> helpful.
> >
> > You can try modifying the NC class and alter how the scheduling is
> > performed. in section 21 you can see 5% is specified for the NC
> scheduler.
> >
> >
> >
> http://www.juniper.net/documentation/en_US/junos13.2/topics/example/cos-ex-series-configuring.html
> >
> >
> > -Mike Gonnason
> >
> > On Tue, Oct 14, 2014 at 3:39 PM, Josh Farrelly <Joshf at originit.co.nz>
> > wrote:
> >
> > > Hi all.
> > >
> > > We have 2x EX4550's in VC that provide switching for an iSCSI network.
> > > There are 3 Dell SANs and 4 Dell R820 ESXi hosts connected via twinax @
> > > 10Gbps. Jumbo frames and flow control is enabled.
> > >
> > > My knowledge around Juniper tech is a little vague, but what's with the
> > > default CoS settings on the switch? It seems they will automatically
> > > reserve 5% for network control traffic. Is there anyway to disable CoS
> > > entirely? AFAIK Brocade & Cisco don't have this type of default, and 5%
> > of
> > > a 10Gbps is actually a rather significant chunk of bandwidth.
> > >
> > > The reason I'm asking is that we've seen some performance issues
> lately.
> > > We have a hybrid-SSD tray of storage that can saturate a link, so we're
> > > seeing MAC pause frames being received by the switch as well as
> discards
> > on
> > > some of the queues.
> > >
> > > Thanks for any pointers.
> > >
> > > Regards,
> > >
> > > Josh.
> > > _______________________________________________
> > > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/juniper-nsp
> > >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
> >
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 29 Oct 2014 09:51:15 +0100
> From: Johan Borch <johan.borch at gmail.com>
> To: "juniper-nsp at puck.nether.net" <juniper-nsp at puck.nether.net>
> Subject: [j-nsp] EX4600 third party optic
> Message-ID:
>     <CAB_jNCR9BeSeNO2ER_+5LrO2WTT=vg5GbYjPvvhUxKfJsS7f3Q at mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi!
>
> Do anyone have experience with third party optics (SFP/SFP+) in EX4600?
>
> Johan
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> juniper-nsp mailing list
> juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
> ------------------------------
>
> End of juniper-nsp Digest, Vol 143, Issue 27
> ********************************************
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list