•
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log
session-init
•
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log
session-close
flow match policy13 will record the following information in the log:
<14>1 2010-09-30T14:55:04.323+08:00 mrpp-srx650-dut01 RT_FLOW -
RT_FLOW_SESSION_CREATE [junos@2636.1.1.1.2.40 source-address="1.1.1.2"
source-port="1" destination-address="2.2.2.2" destination-port="46384"
service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1"
nat-destination-address="2.2.2.2" nat-destination-port="46384"
src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1"
policy-name="policy1" source-zone-name="trustZone"
destination-zone-name="untrustZone" session-id-32="41"
packet-incoming-interface="ge-0/0/1.0"] session created 1.1.1.2/1-->2.2.2.2/46384
icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 ge-0/0/1.0
<14>1 2010-09-30T14:55:07.188+08:00 mrpp-srx650-dut01 RT_FLOW -
RT_FLOW_SESSION_CLOSE [junos@2636.1.1.1.2.40 reason="response received"
source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2"
destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2"
nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384"
src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1"
policy-name="policy1" source-zone-name="trustZone"
destination-zone-name="untrustZone" session-id-32="41" packets-from-client="1"
bytes-from-client="84" packets-from-server="1" bytes-from-server="84"
elapsed-time="0" packet-incoming-interface="ge-0/0/1.0"] session closed response
received: 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1
trustZone untrustZone 41 1(84) 1(84) 0 ge-0/0/1.0
•
On SRX Series devices, the factory default for the maximum number of backup
configurations allowed is five. Therefore, you can have one active configuration and a
maximum of five rollback configurations. Increasing this backup configuration number
will result in increased memory usage on disk and increased commit time.
To modify the factory defaults, use the following commands:
root@host# set system max-configurations-on-flash number
root@host# set system max-configuration-rollbacks number
where max-configurations-on-flash indicates backup configurations to be stored in the
configuration partition and max-configuration-rollbacks indicates the maximum number
of backup configurations.
•
On J Series devices, the following configuration changes must be done after rollback
or upgrade from Junos OS Release 10.4 to 9.6 and earlier releases.
•
Rename lsq-0/0/0 to ls-0/0/0 in all its occurrences.
•
Remove fragmentation-map from the [class-of-service] hierarchy level and from
[class-of-service interfaces lsq-0/0/0], if configured.
Copyright © 2010, Juniper Networks, Inc.116
JUNOS OS 10.4 Release Notes
To Next Page
Loading...