Table of Contents
Advertisement
Changes in Default Behavior and Syntax in Junos OS Release 10.4 for SRX Series Services Gateways and J Series Services Routers
Copyright © 2011, Juniper Networks, Inc.
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log
session-init
set security policies from-zone untrustZone to-zone trustZone policy policy13 then log
session-close
flow match policy13 will record the following information in the log:
<14>1 2010-09-30T14:55:04.323+08:00 mrpp-srx650-dut01 RT_FLOW -
RT_FLOW_SESSION_CREATE [
source-port="1" destination-address="2.2.2.2" destination-port="46384"
service-name="icmp" nat-source-address="1.1.1.2" nat-source-port="1"
nat-destination-address="2.2.2.2" nat-destination-port="46384"
src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1"
policy-name="policy1" source-zone-name="trustZone"
destination-zone-name="untrustZone" session-id-32="41"
packet-incoming-interface="ge-0/0/1.0"] session created 1.1.1.2/1-->2.2.2.2/46384
icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1 trustZone untrustZone 41 ge-0/0/1.0
<14>1 2010-09-30T14:55:07.188+08:00 mrpp-srx650-dut01 RT_FLOW -
RT_FLOW_SESSION_CLOSE [
source-address="1.1.1.2" source-port="1" destination-address="2.2.2.2"
destination-port="46384" service-name="icmp" nat-source-address="1.1.1.2"
nat-source-port="1" nat-destination-address="2.2.2.2" nat-destination-port="46384"
src-nat-rule-name="None" dst-nat-rule-name="None" protocol-id="1"
policy-name="policy1" source-zone-name="trustZone"
destination-zone-name="untrustZone" session-id-32="41" packets-from-client="1"
bytes-from-client="84" packets-from-server="1" bytes-from-server="84"
elapsed-time="0" packet-incoming-interface="ge-0/0/1.0"] session closed response
received: 1.1.1.2/1-->2.2.2.2/46384 icmp 1.1.1.2/1-->2.2.2.2/46384 None None 1 policy1
trustZone untrustZone 41 1(84) 1(84) 0 ge-0/0/1.0
On SRX Series devices, the factory default for the maximum number of backup
configurations allowed is five. Therefore, you can have one active configuration and a
maximum of five rollback configurations. Increasing this backup configuration number
will result in increased memory usage on disk and increased commit time.
To modify the factory defaults, use the following commands:
root@host# set system max-configurations-on-flash number
root@host# set system max-configuration-rollbacks number
where
max-configurations-on-flash
configuration partition and
of backup configurations.
On J Series devices, the following configuration changes must be done after rollback
or upgrade from Junos OS Release 10.4 to 9.6 and earlier releases.
Rename
lsq-0/0/0
to
ls-0/0/0
Remove
fragmentation-map
[class-of-service interfaces lsq-0/0/0]
junos@2636.1.1.1.2.40
reason="response received"
junos@2636.1.1.1.2.40
indicates backup configurations to be stored in the
max-configuration-rollbacks
in all its occurrences.
from the
[class-of-service]
, if configured.
source-address="1.1.1.2"
indicates the maximum number
hierarchy level and from
131
Advertisement
Table of Contents
