Associating Service Rules with Inline Services Interfaces
To define and group the service rules be applied to an inline services interface, you define
an interface service set by including the service-set service-set-name statement at the
[edit services] hierarchy level.
To apply an interface service set to the input of an inline services interface, you include
the service-set service-set-name at the following hierarchy levels:
•
[edit interfaces interface-name unit unit-number input]
Filtering Traffic Before Accepting Packets for Service Processing
To filter IPv4 traffic before accepting packets for input service processing, include the
service-set service-set-name service-filter service-filter-name at the following hierarchy
level:
•
[edit interfaces interface-name unit unit-number family inet service input]
For the service-set-name, specify a service set configured at the [edit services service-set]
hierarchy level.
The service set retains the input interface information even after services are applied, so
that functions such as filter-class forwarding that depend on input interface information
continue to work.
The following requirements apply to filtering inbound or outbound traffic before accepting
packets for service processing:
•
You configure the same service set on the input and output sides of the interface.
•
If you include the service-set statement without an optional service-filter definition,
Junos OS assumes that the match condition is true and selects the service set for
processing automatically.
•
The service filter is applied only if a service set is configured and selected.
Related
Documentation
Enabling Inline Services Interface on ACX Series on page 1008•
• Understanding Service Sets on page 1028
• Service Filters in ACX Series on page 1035
• Service Filter Match Conditions for IPv4 Traffic on page 1038
• Service Filter Actions on page 1039
• Configuring Service Sets for Network Address Translation on page 1030
• Configuring Service Sets to Be Applied to Services Interfaces on page 1031
• Configuring Queuing and Scheduling on Inline Services Interface on page 1040
1037Copyright © 2017, Juniper Networks, Inc.
Chapter 31: Configuring Network Address Translation (NAT) and Stateful Firewall Services
To Next Page
Loading...
Need help?
General
