Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5 Release Note page 23

Hide thumbs Also See for JUNOS OS 10.4 - RELEASE NOTES REV 5:

Release note (216 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

page of 209

/ 209
Contents
Table of Contents
Bookmarks

Table of Contents

New Features in Junos OS Release 10.4 for M Series, MX Series, and T Series Routers

data-cores 1;

object-cache-size 512;

policy-db-size 64;

package jservices-rpm;

syslog daemon any;

}

[Services Interfaces]

ALGs using Junos OS Services Framework (JSF) (M Series with MS PICs and MX

Series with MS DPCs)—Application-level gateways (ALGs) intercept and analyze

specified traffic, allocate resources, and define dynamic policies to permit traffic to

pass securely through a device. Beginning with Junos OS Release 10.4 on the specified

routers, you can use JSF ALGs with the following services:

Stateful firewall

Network Address Translation (NAT)

To use JSF to run ALGs, you must configure the jservices-alg package at the

chassis fpc slot pic slot adaptive-services service-package extension-provider package]

hierarchy level. In addition, you must configure the ALG application at the

applications application application-name]

in the stateful firewall rule or the NAT rule in those respective configurations.

[Services Interfaces]

Enhancements to port mirroring with next-hop groups (MX Series only)—Adds

support for binding up to two port-mirroring instances to the same MX Series Packet

Fowarding Engine. This enables you to choose multiple mirror destinations by specifying

different port-mirroring instances in the filters. Filters must include the

port-mirror-instance instance-name

hierarchy level. You must also include the

term-name then]

instance-name

statement at the

FPC to be used.

Inline port mirroring allows you to configure instances that are not bound to the FPC

specified in the firewall filter

you can define the

then next-hop-group

the port-mirror destination from the input parameters, such as rate. While the input

parameters are programmed in the Switch Interface Board (SIB), the next-hop

destination for the mirrored packet is available in the packet itself.

A port-mirroring instance can now inherit input parameters from another instance that

specifies it. To configure this option, include the

statement at the

instance-name

hierarchy level.

instance-name]

You can also now configure port mirroring to next-hop groups using a tunnel interface.

[Services Interfaces]

hierarchy level, and reference the application

statement at the

[edit firewall filter filter-name term

[edit chassis fpc number]

then port-mirror-instance instance-name

action. Inline port-mirroring aims to decouple

input-parameters-instance

[edit forwarding-options port-mirror instance

[edit

port-mirror-instance

hierarchy level to specify the

action. Instead,

Table of Contents

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

This manual is also suitable for:

Junos os 10.4

Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5 Release Note page 23

Related Manuals for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

Related Products for Juniper JUNOS OS 10.4 - RELEASE NOTES REV 5

This manual is also suitable for:

Table of Contents