
Support for Security Features on Different Device Types

The following tables list features that are documented in this guide and specify the devices on which each of these features is supported.

Table 5: Support Information: Zones

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Security zone | Yes | Yes | Security Zone |
| Functional zone | Yes | Yes | Functional Zone |

For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Table 6: Support Information: Security Policy

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Address books | Yes | Yes | Configuring Address Books |
| Policy application sets | Yes | Yes | Policy Application Sets Overview |
| Schedulers | Yes | Yes | Configuring Schedulers |
| Policy applications | Yes | Yes | Understanding Internet-Related Predefined Policy Applications |
| Internet Control Message Protocol (ICMP) predefined policy application | Yes | Yes | Understanding the ICMP Predefined Policy Application |
| Internet-related predefined policy applications | Yes | Yes | Understanding Internet-Related Predefined Policy Applications |
| Microsoft predefined policy applications | Yes | Yes | Understanding Microsoft Predefined Policy Applications |
| Dynamic routing protocols predefined policy applications | Yes | Yes | Understanding Dynamic Routing Protocols Predefined Policy Applications |
| Streaming video predefined policy applications | Yes | Yes | Understanding Streaming Video Predefined Policy Applications |
| Sun remote procedure protocol (RPC) predefined policy applications | Yes | Yes | Understanding Sun RPC Predefined Policy Applications |
| Security and tunnel predefined policy applications | Yes | Yes | Understanding Security and Tunnel Predefined Policy Applications |
| IP-related predefined policy applications | Yes | Yes | Understanding IP-Related Predefined Policy Applications |
| Instant messaging predefined policy applications | Yes | Yes | Understanding Instant Messaging Predefined Policy Applications |
| Management predefined policy applications | Yes | Yes | Understanding Management Predefined Policy Applications |
| Mail predefined policy applications | Yes | Yes | Understanding Mail Predefined Policy Applications |
| UNIX predefined policy applications | Yes | Yes | Understanding UNIX Predefined Policy Applications |
| Miscellaneous predefined policy applications | Yes | Yes | Understanding Miscellaneous Predefined Policy Applications |
| Custom policy Applications | Yes | Yes | Understanding Custom Policy Applications |
| Policy application timeouts | Yes | Yes | Understanding Policy Application Timeouts |
| Policy verification | Yes | Yes | Understanding Policy Ordering |

Table 7: Support Information: Firewall Authentication

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Web authentication | Yes | Yes | Web Authentication |
| Pass-through authentication | Yes | Yes | Pass-Through Authentication |
| Local authentication server | Yes | Yes | Firewall User Authentication Overview |
| RADIUS authentication server | Yes | Yes | Firewall User Authentication Overview |
| LDAP authentication server | Yes | Yes | Firewall User Authentication Overview |
| SecurID authentication server | Yes | Yes | Understanding SecurID User Authentication |

Table 8: Support Information: Attack Detection and Prevention

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Bad IP option | Yes | Yes | Understanding Bad IP Option Protection |
| Block fragment traffic | Yes | Yes | Blocking Fragmented ICMP Packets |
| FIN flag without ACK flag set protection | Yes | Yes | Blocking Packets with FIN Flag/No ACK Flag Set |
| ICMP flood protection | Yes | Yes | Understanding ICMP Flood Attacks |
| ICMP fragment protection | Yes | Yes | Understanding ICMP Fragment Protection |
| Large size ICMP packet protection | Yes | Yes | Understanding Large ICMP Packet Protection |
| Loose source route option | Yes | Yes | Blocking Packets with Either a Loose or Strict Source Route Option Set |
| IP record route option | Yes | Yes | SCREEN Options for Detecting IP Options Used For Reconnaissance |
| IP security option | Yes | Yes | SCREEN Options for Detecting IP Options Used For Reconnaissance |
| IP address spoof | Yes | Yes | Blocking IP Spoofing |
| IP stream option | Yes | Yes | SCREEN Options for Detecting IP Options Used For Reconnaissance |
| IP strict source route option | Yes | Yes | Blocking Packets with Either a Loose or Strict Source Route Option Set |
| IP address sweep | Yes | Yes | Understanding IP Address Sweeps |
| IP timestamp option | Yes | Yes | SCREEN Options for Detecting IP Options Used For Reconnaissance |
| Land attack protection | Yes | Yes | Understanding Land Attacks |
| Ping of death attack protection | Yes | Yes | Understanding Ping of Death Attacks |
| Port scan | Yes | Yes | Understanding Port Scanning |
| Source IP based session limit | Yes | Yes | Understanding Session Table Flood Attacks |
| SYN-ACK-ACK proxy protection | Yes | Yes | Understanding SYN-ACK-ACK Proxy Flood Attacks |
| SYN and FIN flags set protection | Yes | Yes | Blocking Packets with SYN and FIN Flags Set |
| SYN flood protection | Yes | Yes | Understanding SYN Flood Attacks |
| SYN fragment protection | Yes | Yes | Understanding SYN Fragment Protection |
| Teardrop attack protection | Yes | Yes | Understanding Teardrop Attacks |
| TCP packet without flag set protection | Yes | Yes | Blocking Packets with No Flags Set |
| Unknown protocol protection | Yes | Yes | Understanding Unknown Protocol Protection |
| UDP flood protection | Yes | Yes | Understanding UDP Flood Attacks |
| WinNuke attack protection | Yes | Yes | Understanding WinNuke Attacks |

Table 9: Support Information: Network Address Translation

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Destination IP address translation | Yes | Yes | Destination IP Address Translation Overview |
| Static Network Address Translation (NAT) | Yes | No | Configuring Static NAT |
| Policy-based NAT | Yes | No | Understanding NAT-Dst Policy-Based NAT on J-series Services Routers |
| Rule-based NAT | No | Yes | Understanding Rule-Based Destination NAT on SRX-series Services Gateways |
| Source IP address translation | Yes | Yes | Source IP Address Translation Overview |
| NAT interface source pools | Yes | Yes | Understanding NAT Interface Source Pools |
| Configuring proxy Address Resolution Protocol (ARP) | No | Yes | Configuring Proxy ARP (Address Resolution Protocol) on SRX-series Services Gateways |

Table 10: Support Information: Chassis Cluster

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Chassis cluster formation | Yes | Yes | Understanding Chassis Cluster Formation |
| Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface) | Yes | No, active/passive only | Understanding Chassis Cluster Formation |
| Redundancy group 0 (backup for Routing Engine) | Yes | Yes | Redundancy Group 0: Routing Engines |
| Redundancy groups 1 through 255 | Yes | Redundancy group 1 only | Redundancy Groups 1 Through 255 |
| Redundant Ethernet interfaces | Yes | Yes | Understanding Redundant Ethernet Interfaces |
| Control plane failover | Yes | Yes | Understanding the Control Plane |
| Data plane failover | Yes | Yes | Understanding the Data Plane |
| All JUNOS flow-based routing functionality | Yes | Yes except for IPsec VPN | JUNOS Software Interfaces and Routing Configuration Guide |

Table 11: Support Information: IPsec

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Policy-based and route-based VPNs | Yes | No | Virtual Private Networks (VPNs) |
| Transport mode | No | No | Understanding IPsec Operational Modes |
| Tunnel mode | Yes | No | Understanding IPsec Operational Modes |
| Authentication Header (AH) protocol | Yes | No | Understanding IPsec Security Protocols |
| Encapsulating Security Payload (ESP) protocol | Yes | No | Understanding IPsec Security Protocols |
| IKE phase 1 | Yes | No | Understanding IPsec Tunnel Negotiation |
| IKE phase 2 | Yes | No | Understanding IPsec Tunnel Negotiation |
| Manual key management | Yes | No | Understanding IPsec Key Management |
| Autokey management | Yes | No | Understanding IPsec Key Management |
| Antireplay (packet replay attack prevention) | Yes | No | Replay Protection |
| Dead peer detection (DPD) | Yes | No | Configuring an IKE Gateway and Peer Authentication |

Table 12: Support Information: PKI

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Internet Key Exchange (IKE) support | Yes | Yes | Internet Key Exchange |
| Entrust, Microsoft, and Verisign certificate authorities (CAs) | Yes | Yes | Understanding Certificates |
| Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP) | Yes | Yes | Using Digital Certificates |
| Automatic generation of self-signed certificates | Yes | Yes | Understanding Self-Signed Certificates |
| Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding | Yes | Yes | Manually Loading a CRL onto the Device |
| Manual installation of DER-encoded and PEM-encoded CRLs | Yes | Yes | Manually Loading a CRL onto the Device |
| Online certificate revocation list (CRL) retrieval through LDAP and HTTP | Yes | Yes | PKI Management and Implementation |
| CRL update at user-specified interval | Yes | Yes | Understanding Certificate Revocation Lists |

Table 13: Support Information: ALGs

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| FTP Application Layer Gateway (ALG) | Yes | Yes | Configuring Application Layer Gateways—Quick Configuration |
| Trivial File Transfer Protocol (TFTP) ALG | Yes | Yes | Configuring Application Layer Gateways—Quick Configuration |
| H.323 ALG | Yes | No | Understanding the H.323 ALG |
| Media Gateway Control Protocol (MGCP) ALG | Yes | Yes | Understanding the MGCP ALG |
| Point-to-Point Tunneling Protocol (PPTP) ALG | Yes | No | Configuring Application Layer Gateways—Quick Configuration |
| REAL ALG | Yes | No | Table 69 |
| Remote procedure call (RPC) ALG | Yes | No | Understanding the RPC ALG |
| Remote shell (RSH) ALG | Yes | No | Configuring Application Layer Gateways—Quick Configuration |
| Real-Time Streaming Protocol (RTSP) ALG | Yes | No | Configuring Application Layer Gateways—Quick Configuration |
| Skinny Call Control Protocol (SCCP) ALG | Yes | No | Understanding the SCCP ALG |
| Session Initiation Protocol (SIP) ALG | Yes | No | Understanding the SIP ALG |
| Structured Query Language (SQL) ALG | Yes | No | Configuring Application Layer Gateways—Quick Configuration |
| TALK ALG | Yes | No | Configuring Application Layer Gateways—Quick Configuration |

Table 14: Support Information: IDP Policy

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Intrusion Detection and Prevention (IDP) Policy | No | Yes | IDP Policies Overview |
| Intrusion prevention system (IPS) rulebase | No | Yes | Defining Rules for an IPS Rulebase |
| Exempt rulebase | No | Yes | Defining Rules for an Exempt Rulebase |
| Custom attacks | No | Yes | Understanding Custom Attack Objects |
| Differentiated Services code point (DSCP) marking | No | Yes | Configuring DSCP in an IDP Policy |

Table 15: Support Information: Netscreen Remote

| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
| Netscreen Remote VPN client | Yes | No | NetScreen-Remote VPN Client |

