ACX500 Series routers do not support the following while configuring stateful firewall
rules:
•
match-direction (output | input-output)
•
post-service-filter at the interface service input hierarchy level.
•
IPv6 source address and destination address.
•
application-sets, application, allow-ip-options at the [edit services stateful-firewall]
hierarchy level.
•
Application Layer Gateways (ALGs).
•
Chaining of services within Multiservices Modular Interfaces Card (MS-MIC) and with
inline-services (-si).
•
Class of service.
•
The following show services stateful-firewall CLI commands are not supported:
•
show services stateful-firewall conversations—Show conversations
•
show services stateful-firewall flow-analysis—Show flow table entries
•
show services stateful-firewall redundancy-statistics—Show redundancy statistics
•
show services stateful-firewall sip-call—Show SIP call information
•
show services stateful-firewall sip-register—Show SIP register information
•
show services stateful-firewall subscriber-analysis—Show subscriber table entries
The following sections explain how to configure the components of stateful firewall
rules:
•
Configuring Match Direction for Stateful Firewall Rules on page 1024
•
Configuring Match Conditions in Stateful Firewall Rules on page 1025
•
Configuring Actions in Stateful Firewall Rules on page 1026
Configuring Match Direction for Stateful Firewall Rules
Each rule must include a match-direction statement that specifies the direction in which
the rule match is applied. To configure where the match is applied, include the
match-direction statement at the [edit services stateful-firewall rule rule-name] hierarchy
level:
[edit services stateful-firewall rule rule-name]
match-direction (input | output | input-output);
NOTE: ACX500 Series routers do not support match-direction (output |
input-output).
If you configure match-direction input-output, sessions initiated from both directions
might match this rule.
Copyright © 2017, Juniper Networks, Inc.1024
ACX Series Universal Access Router Configuration Guide
To Next Page
Loading...
