JUNOS Internet Software Network Operations Guide: Hardware
420 ! Understanding the CFEB
Figure 169 shows the M7i router CFEB with ASP-I.
Figure 169: M7i Router CFEB with ASP-I
The ASP–I is an optional component of the CFEB. The ASP–I is similar to the
standalone Adaptive Services PIC, but operates at a reduced bandwidth. The ASP–I
enables you to perform one or more services on the same PIC by configuring a set
of services and applications.
The ASP–I provides the following services:
! Stateful firewall—A type of firewall filter that considers state information
derived from previous communications and other applications when evaluating
traffic.
! Network Address Translation (NAT)—A security procedure for concealing host
addresses on a private network behind a pool of public addresses.
! Intrusion detection services (IDS)—A set of tools for detecting, redirecting, and
preventing certain kinds of network attack and intrusion.
The configuration for these three services comprises a series of rules that you can
arrange in order of precedence as a rule set. Each rule follows the structure of a
firewall filter, with a
from statement containing input or match conditions and a then
statement containing actions to be taken if the match conditions are met. For
information about configuring interfaces on the ASP–I, see the JUNOS Services
Interfaces Configuration Guide.
g003216
C
-F
E
B
S
e
rv
ic
e
s
PO
W
ER
O
FF
O
K
F
A
IL
M
A
S
T
E
R
To Next Page
Loading...