Table of Contents
Advertisement
JUNOS OS 10.4 Release Notes
24
Multiple IDP detector support (M120, M320, and MX Series routers with Enhanced
III FPCs)—The IDP detector provides information about services, contexts, and
anomalies that are supported by the associated protocol decoder.
The specified routers now support loading multiple IDP detectors simultaneously.
When a policy is loaded, it is also associated with a detector. If the new policy being
loaded has an associated detector that matches the detector already being used by
the existing policy, the new detector is not loaded and both policies use a single
associated detector. However, if the new detector does not match the current detector,
the new detector is loaded along with the new policy. In this case, each loaded policy
will then use its own associated detector for attack detection. Note that with the
specified routers, a maximum of four detectors can be loaded at any given time.
Multiple IDP detector support for the specified routers functions in a similar way to the
existing IDP detector support on J Series and SRX Series devices, except for the
maximum number of decoder binary instances that are loaded into the process space.
To view the current policy and the corresponding detector version, use the
command.
idp status detail
For more information, see the Junos OS Security Configuration Guide.
[Services Interfaces]
NAT using Junos OS Services Framework (JSF) (M Series and T Series with
Multiservices PICs and MX Series with Multiservices DPCs)—The Junos OS Services
Framework (JSF) is a unified framework for Junos OS services integration. JSF Services
integration will allow the option of running Junos OS services on services PICs or DPCs
in any M Series, MX Series, or T Series routers. Beginning with Junos OS Release 10.4,
you can use JSF to run NAT on the specified routers.
To use JSF to run NAT, you must configure the
fpc slot pic slot adaptive-services service-package extension-provider package]
level. In addition, you must configure NAT rules and a service set with a Multiservice
interface. To check the configuration, use the
To show the run time (dynamic state) information on the interface, use the
and
services sessions
show services nat pool
[Services Interfaces]
Stateful firewall using Junos OS Services Framework (JSF) (M Series with MS PICs,
MX Series with MS DPCs, and T Series routers)—The Junos OS Services Framework
(JSF) is a unified framework for Junos OS services integration. JSF Services integration
will allow the option of running Junos OS services on services PICs or DPCs in any M
Series, MX Series, or T Series routers. Beginning with Junos OS Release 10.4, you can
use JSF to run stateful firewall on the specified routers.
To use JSF to run stateful firewall, you must configure the
[edit chassis fpc slot pic slot adaptive-services service-package extension-provider
hierarchy level. In addition, you must configure stateful firewall rules and a
package]
service set with a Multiservice interface. To check the configuration, use the
configuration services stateful-firewall
information on the interface, use the
jservices-nat
package at the
show configuration services nat
commands.
jservices-sfw
command. To show the run time (dynamic state)
command.
show services sessions
Copyright © 2011, Juniper Networks, Inc.
show security
[edit chassis
hierarchy
command.
show
package at the
show
Advertisement
Table of Contents
