
Juniper ACX2000 Configuration Guide

Juniper ACX2000
3270 pages
the destination-prefix-list or the source-prefix-list statement in the stateful firewall rule.
For an example, see Examples: Configuring Stateful Firewall Rules.
If you omit the from term, the stateful firewall accepts all traffic and the default protocol
handlers take effect:
• User Datagram Protocol (UDP), Transmission Control Protocol (TCP), and Internet
  Control Message Protocol (ICMP) create a bidirectional flow with a predicted reverse
  flow.
• IP creates a unidirectional flow.
You can also include application protocol definitions you have configured at the [edit
applications] hierarchy level; for more information, see Configuring Application Properties.
• To apply one or more specific application protocol definitions, include the applications
  statement at the [edit services stateful-firewall rule rule-name term term-name from]
  hierarchy level.
• To apply one or more sets of application protocol definitions you have defined, include
  the application-sets statement at the [edit services stateful-firewall rule rule-name term
  term-name from] hierarchy level.
NOTE: If you include one of the statements that specifies application
protocols, the router derives port and protocol information from the
corresponding configuration at the [edit applications] hierarchy level; you
cannot specify these properties as match conditions.
Configuring Actions in Stateful Firewall Rules
To configure stateful firewall actions, include the then statement at the [edit services
stateful-firewall rule rule-name term term-name] hierarchy level:
[edit services stateful-firewall rule rule-name term term-name]
then {
    (accept | discard | reject);
    allow-ip-options [ values ];
    syslog;
}
You must include one of the following actions:
• accept—The packet is accepted and sent on to its destination.
• accept skip-ids—The packet is accepted and sent on to its destination, but IDS rule
  processing configured on an MS-MPC is skipped.
• discard—The packet is not accepted and is not processed further.
• reject—The packet is not accepted and a rejection message is returned; UDP sends an
  ICMP unreachable code and TCP sends RST. Rejected packets can be logged or
  sampled.
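The following configuration is an added example, not taken from the original guide. It combines the from and then statements described above: one term matches an application defined at [edit applications], and a final term with no from statement matches all remaining traffic and discards it. The rule, term, and application names are hypothetical, and match-direction is a Junos statement that this page does not describe.

```junos
applications {
    /* Hypothetical application definition; the router derives the */
    /* protocol and port for the rule from here.                   */
    application example-dns-udp {
        protocol udp;
        destination-port 53;
    }
}
services {
    stateful-firewall {
        rule example-sfw-rule {
            /* Direction in which the rule is evaluated (not covered on this page). */
            match-direction input;
            term allow-dns {
                from {
                    /* Port and protocol cannot also be given as match */
                    /* conditions once an application is referenced.   */
                    applications example-dns-udp;
                }
                then {
                    accept;
                }
            }
            term drop-everything-else {
                /* No from statement: this term matches all traffic that */
                /* reaches it, so it must come last. Each match is logged. */
                then {
                    discard;
                    syslog;
                }
            }
        }
    }
}
```

Because a term without a from statement matches everything, placing it anywhere but last would hide the terms that follow it.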
Copyright © 2017, Juniper Networks, Inc.
ACX Series Universal Access Router Configuration Guide
