Security zone

Security Zone

Functional zone

Functional Zone

For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Combo-mode support (SRX 3400 and SRX 3600 only)

SRX 3400 and SRX 3600 Services Gateways Overview

Flow-based processing (SRX 3400 and SRX 3600 only)

SRX 3400 and SRX 3600 Services Gateways Overview

Address books

Configuring Address Books

Policy application sets

Policy Application Sets Overview

Schedulers

Configuring Schedulers

Policy applications

Understanding Internet-Related Predefined Policy Applications

Internet Control Message Protocol (ICMP) predefined policy application

Understanding the ICMP Predefined Policy Application

Internet-related predefined policy applications

Understanding Internet-Related Predefined Policy Applications

Microsoft predefined policy applications

Understanding Microsoft Predefined Policy Applications

Dynamic routing protocols predefined policy applications

Understanding Dynamic Routing Protocols Predefined Policy Applications

Streaming video predefined policy applications

Understanding Streaming Video Predefined Policy Applications

Sun remote procedure protocol (RPC) predefined policy applications

Understanding Sun RPC Predefined Policy Applications

Security and tunnel predefined policy applications

Understanding Security and Tunnel Predefined Policy Applications

IP-related predefined policy applications

Understanding IP-Related Predefined Policy Applications

Instant messaging predefined policy applications

Understanding Instant Messaging Predefined Policy Applications

Management predefined policy applications

Understanding Management Predefined Policy Applications

Mail predefined policy applications

Understanding Mail Predefined Policy Applications

UNIX predefined policy applications

Understanding UNIX Predefined Policy Applications

Miscellaneous predefined policy applications

Understanding Miscellaneous Predefined Policy Applications

Custom policy Applications

Understanding Custom Policy Applications

Policy application timeouts

Understanding Policy Application Timeouts

Policy verification (SRX 5600 and SRX 5800 only)

Understanding Policy Ordering

Web authentication

Web Authentication

Pass-through authentication

Pass-Through Authentication

Local authentication server

Firewall User Authentication Overview

RADIUS authentication server

Firewall User Authentication Overview

LDAP authentication server

Firewall User Authentication Overview

SecurID authentication server

Understanding SecurID User Authentication

JUNOS Enforcers in Unified Access Control (UAC) deployments

Infranet Authentication

Bad IP option

Understanding Bad IP Option Protection

Block fragment traffic

Blocking Fragmented ICMP Packets

FIN flag without ACK flag set protection

Blocking Packets with FIN Flag/No ACK Flag Set

ICMP flood protection

Understanding ICMP Flood Attacks

ICMP fragment protection

Understanding ICMP Fragment Protection

Large size ICMP packet protection

Understanding Large ICMP Packet Protection

Loose source route option

Blocking Packets with Either a Loose or Strict Source Route Option Set

IP record route option

Screen Options for Detecting IP Options Used For Reconnaissance

IP security option

Screen Options for Detecting IP Options Used For Reconnaissance

IP address spoof

Blocking IP Spoofing

IP stream option

Screen Options for Detecting IP Options Used For Reconnaissance

IP strict source route option

Blocking Packets with Either a Loose or Strict Source Route Option Set

IP address sweep

Understanding IP Address Sweeps

IP timestamp option

Screen Options for Detecting IP Options Used For Reconnaissance

Land attack protection

Understanding Land Attacks

Ping of death attack protection

Understanding Ping of Death Attacks

Port scan

Understanding Port Scanning

Source IP based session limit

Understanding Session Table Flood Attacks

SYN-ACK-ACK proxy protection

Understanding SYN-ACK-ACK Proxy Flood Attacks

SYN and FIN flags set protection

Blocking Packets with SYN and FIN Flags Set

SYN flood protection

Understanding SYN Flood Attacks

SYN fragment protection

Understanding SYN Fragment Protection

Teardrop attack protection

Understanding Teardrop Attacks

TCP packet without flag set protection

Blocking Packets with No Flags Set

Unknown protocol protection

Understanding Unknown Protocol Protection

UDP flood protection

Understanding UDP Flood Attacks

WinNuke attack protection

Understanding WinNuke Attacks

Destination IP address translation

Destination IP Address Translation Overview

Static Network Address Translation (NAT)

Understanding Static NAT

Rule-based NAT

Understanding Rule-Based Destination NAT

Source IP address translation

Source IP Address Translation Overview

NAT interface source pools

Understanding NAT Interface Source Pools

Configuring proxy Address Resolution Protocol (ARP)

Configuring Proxy ARP

Chassis cluster formation

Understanding Chassis Cluster Formation

Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface)

Understanding Chassis Cluster

Redundancy group 0 (backup for Routing Engine)

Redundancy Group 0: Routing Engines

Redundancy groups 1 through 128

Redundancy Groups 1 Through 128

Redundant Ethernet interfaces

Understanding Redundant Ethernet Interfaces

Control plane failover

Understanding the Control Plane

Data plane failover

Understanding the Data Plane

All JUNOS flow-based routing functionality (except for IPsec VPN)

JUNOS Software Interfaces and Routing Configuration Guide

Policy-based and route-based VPNs

Virtual Private Networks (VPNs) Overview

Tunnel mode

Packet Processing in Tunnel Mode

Authentication Header (AH) protocol

IPsec Security Protocols

Encapsulating Security Payload (ESP) protocol

IPsec Security Protocols

IKE phase 1

IPsec Tunnel Negotiation

IKE phase 2

IPsec Tunnel Negotiation

Manual key management

IPsec Key Management

Autokey management

IPsec Key Management

Antireplay (packet replay attack prevention)

Replay Protection

Dead peer detection (DPD)

Configuring an IKE Gateway (Standard and Dynamic VPNs)

XAuth extended authentication for remote access connections (SRX 5600 and SRX 5800 only)

Configuring an Access Profile for XAuth

VPN monitoring (SRX 5600 and SRX 5800 only)

Configuring VPN Global Settings (Standard VPNs)

Internet Key Exchange (IKE) support

Internet Key Exchange

Entrust, Microsoft, and Verisign certificate authorities (CAs)

Understanding Certificates

Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP)

Using Digital Certificates

Automatic generation of self-signed certificates

Understanding Self-Signed Certificates

Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding

Manually Loading a CRL onto the Device

Manual installation of DER-encoded and PEM-encoded CRLs

Manually Loading a CRL onto the Device

Online certificate revocation list (CRL) retrieval through LDAP and HTTP

PKI Management and Implementation

CRL update at user-specified interval

Understanding Certificate Revocation Lists

FTP Application Layer Gateway (ALG)

Configuring Application Layer Gateways—Quick Configuration

Trivial File Transfer Protocol (TFTP) ALG

Configuring Application Layer Gateways—Quick Configuration

Point-to-Point Tunneling Protocol (PPTP) ALG (SRX 5600 and SRX 5800 only)

Configuring Application Layer Gateways—Quick Configuration

REAL ALG (SRX 5600 and SRX 5800 only)

Table 72

Remote procedure call (RPC) ALG (SRX 5600 and SRX 5800 only)

Understanding the RPC ALG

Remote shell (RSH) ALG (SRX 5600 and SRX 5800 only)

Configuring Application Layer Gateways—Quick Configuration

Real-Time Streaming Protocol (RTSP) ALG (SRX 5600 and SRX 5800 only)

Configuring Application Layer Gateways—Quick Configuration

Structured Query Language (SQL) ALG (SRX 5600 and SRX 5800 only)

Configuring Application Layer Gateways—Quick Configuration

TALK ALG (SRX 5600 and SRX 5800 only)

Configuring Application Layer Gateways—Quick Configuration

Intrusion Detection and Prevention (IDP) Policy

IDP Policies Overview

Intrusion prevention system (IPS) rulebase

Defining Rules for an IPS Rulebase

Exempt rulebase

Defining Rules for an Exempt Rulebase

Custom attacks

Understanding Custom Attack Objects

Differentiated Services code point (DSCP) marking

Configuring DSCP in an IDP Policy

IDP signature database

Understanding the IDP Signature Database

Predefined policy templates

Using Predefined Policy Templates

Signature database—manual download

Updating the Signature Database Manually

Signature database—automatic download

Updating the Signature Database Automatically

Signature database version

Understanding the Signature Database Version

Application identification

Understanding Application Identification

Service and application bindings

Understanding Service and Application Bindings

Application system cache

Understanding Application System Cache

IDP logging

• Understanding IDP Logging
• JUNOS Software Administration Guide

IDP monitoring and debugging (SRX 3400 and SRX 3600 only)

JUNOS Software CLI Reference

IDP SSL Inspection

IDP SSL Inspection