}
}
[Services Interfaces]
• ALGs using Junos OS Services Framework (JSF) (M Series with MS PICs and MX
Series with MS DPCs)—Application-level gateways (ALGs) intercept and analyze
specified traffic, allocate resources, and define dynamic policies to permit traffic to
pass securely through a device. Beginning with Junos OS Release 10.4 on the specified
routers, you can use JSF ALGs with the following services:
  • Stateful firewall
  • Network Address Translation (NAT)
To use JSF to run ALGs, you must configure the jservices-alg package at the [edit
chassis fpc slot pic slot adaptive-services service-package extension-provider package]
hierarchy level. In addition, you must configure the ALG application at the [edit
applications application application-name] hierarchy level, and reference the application
in the stateful firewall rule or the NAT rule in those respective configurations.
[Services Interfaces]
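
A configuration audit for the three JSF ALG requirements described above, as an added example that is not part of the Juniper release notes. It reads a configuration in `set` form and reports which PICs load the jservices-alg package and which applications referenced by stateful firewall or NAT rules are not defined under [edit applications]. The sample configuration, slot numbers, and rule and application names are constructed; skipping names that begin with `junos-` (treated as predefined applications) is an assumption.

```python
import re

# Constructed sample in "display set" form; slot numbers and names are made up.
SAMPLE = """\
set chassis fpc 1 pic 0 adaptive-services service-package extension-provider package jservices-alg
set applications application ftp-alg application-protocol ftp
set applications application ftp-alg protocol tcp
set applications application ftp-alg destination-port 21
set services stateful-firewall rule sfw-in match-direction input
set services stateful-firewall rule sfw-in term t1 from applications ftp-alg
set services stateful-firewall rule sfw-in term t1 from applications sip-alg
set services stateful-firewall rule sfw-in term t1 then accept
set services nat rule nat-out term t1 from applications junos-ftp
"""

PKG = re.compile(r"^set chassis fpc (\d+) pic (\d+) adaptive-services service-package "
                 r"extension-provider package jservices-alg$")
APP = re.compile(r"^set applications application (\S+) ")
REF = re.compile(r"^set services (stateful-firewall|nat) rule (\S+) term (\S+) "
                 r"from applications (\S+)$")


def audit_jsf_alg(config_text):
    """Check the three pieces the release note requires for JSF ALGs."""
    pics, defined, refs = set(), set(), []
    for line in config_text.splitlines():
        line = line.strip()
        if m := PKG.match(line):
            pics.add((int(m.group(1)), int(m.group(2))))
        elif m := APP.match(line):
            defined.add(m.group(1))
        elif m := REF.match(line):
            refs.append(m.groups())
    # Assumption: names starting with "junos-" are Junos predefined applications
    # and are not expected under [edit applications].
    undefined = sorted({(svc, rule, app) for svc, rule, _, app in refs
                        if app not in defined and not app.startswith("junos-")})
    referenced = {app for *_, app in refs}
    return {
        "alg_package_pics": sorted(pics),
        "undefined_references": undefined,
        "unreferenced_applications": sorted(defined - referenced),
    }


if __name__ == "__main__":
    for key, value in audit_jsf_alg(SAMPLE).items():
        print(f"{key}: {value}")
```

An empty `alg_package_pics` list means no PIC is configured to load the ALG package, so rules that reference ALG applications have nothing to run them under JSF.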
• Enhancements to port mirroring with next-hop groups (MX Series only)—Adds
support for binding up to two port-mirroring instances to the same MX Series Packet
Forwarding Engine. This enables you to choose multiple mirror destinations by specifying
different port-mirroring instances in the filters. Filters must include the
port-mirror-instance instance-name statement at the [edit firewall filter filter-name term
term-name then] hierarchy level. You must also include the port-mirror-instance
instance-name statement at the [edit chassis fpc number] hierarchy level to specify the
FPC to be used.
Inline port mirroring allows you to configure instances that are not bound to the FPC
specified in the firewall filter then port-mirror-instance instance-name action. Instead,
you can define the then next-hop-group action. Inline port-mirroring aims to decouple
the port-mirror destination from the input parameters, such as rate. While the input
parameters are programmed in the Switch Interface Board (SIB), the next-hop
destination for the mirrored packet is available in the packet itself.
A port-mirroring instance can now inherit input parameters from another instance that
specifies it. To configure this option, include the input-parameters-instance
instance-name statement at the [edit forwarding-options port-mirror instance
instance-name] hierarchy level.
You can also now configure port mirroring to next-hop groups using a tunnel interface.
[Services Interfaces]
• Multiple IDP detector support (M120, M320, and MX Series routers with Enhanced
III FPCs)—The IDP detector provides information about services, contexts, and
anomalies that are supported by the associated protocol decoder.
The specified routers now support loading multiple IDP detectors simultaneously.
When a policy is loaded, it is also associated with a detector. If the new policy being
loaded has an associated detector that matches the detector already being used by
Copyright © 2010, Juniper Networks, Inc.
New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers