the existing policy, the new detector is not loaded and both policies use a single
associated detector. However, if the new detector does not match the current detector,
the new detector is loaded along with the new policy. In this case, each loaded policy
will then use its own associated detector for attack detection. Note that with the
specified routers, a maximum of four detectors can be loaded at any given time.
Multiple IDP detector support for the specified routers functions in a similar way to the
existing IDP detector support on J Series and SRX Series devices, except for the
maximum number of decoder binary instances that are loaded into the process space.
To view the current policy and the corresponding detector version, use the show security
idp status detail command.
For more information, see the Junos OS Security Configuration Guide.
[Services Interfaces]
•
NAT using Junos OS Services Framework (JSF) (M Series and T Series with
Multiservices PICs and MX Series with Multiservices DPCs)—The Junos OS Services
Framework (JSF) is a unified framework for Junos OS services integration. JSF Services
integration will allow the option of running Junos OS services on services PICs or DPCs
in any M Series, MX Series, or T Series routers. Beginning with Junos OS Release 10.4,
you can use JSF to run NAT on the specified routers.
To use JSF to run NAT, you must configure the jservices-nat package at the [edit chassis
fpc slot pic slot adaptive-services service-package extension-provider package] hierarchy
level. In addition, you must configure NAT rules and a service set with a Multiservice
interface. To check the configuration, use the show configuration services nat command.
To show the run time (dynamic state) information on the interface, use the show
services sessions and show services nat pool commands.
[Services Interfaces]
•
Stateful firewall using Junos OS Services Framework (JSF) (M Series with MS PICs,
MX Series with MS DPCs, and T Series routers)—The Junos OS Services Framework
(JSF) is a unified framework for Junos OS services integration. JSF Services integration
will allow the option of running Junos OS services on services PICs or DPCs in any M
Series, MX Series, or T Series routers. Beginning with Junos OS Release 10.4, you can
use JSF to run stateful firewall on the specified routers.
To use JSF to run stateful firewall, you must configure the jservices-sfw package at the
[edit chassis fpc slot pic slot adaptive-services service-package extension-provider
package] hierarchy level. In addition, you must configure stateful firewall rules and a
service set with a Multiservice interface. To check the configuration, use the show
configuration services stateful-firewall command. To show the run time (dynamic state)
information on the interface, use the show services sessions command.
[Services Interfaces]
Copyright © 2010, Juniper Networks, Inc.22
JUNOS OS 10.4 Release Notes
To Next Page
Loading...