Security Features on J-series Services Routers

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

The following tables list security features that are supported on J-series Services Routers.

Table 37: Zones

Feature	More Information
Security zone	Security Zone
Functional zone	Functional Zone
For information about the interfaces that are supported on your device, see the JUNOS Software Interfaces and Routing Configuration Guide.

Table 38: Security Policy

Feature	More Information
Address books	Configuring Address Books
Policy application sets	Policy Application Sets Overview
Schedulers	Configuring Schedulers
Policy applications	Understanding Internet-Related Predefined Policy Applications
Internet Control Message Protocol (ICMP) predefined policy application	Understanding the ICMP Predefined Policy Application
Internet-related predefined policy applications	Understanding Internet-Related Predefined Policy Applications
Microsoft predefined policy applications	Understanding Microsoft Predefined Policy Applications
Dynamic routing protocols predefined policy applications	Understanding Dynamic Routing Protocols Predefined Policy Applications
Streaming video predefined policy applications	Understanding Streaming Video Predefined Policy Applications
Sun remote procedure protocol (RPC) predefined policy applications	Understanding Sun RPC Predefined Policy Applications
Security and tunnel predefined policy applications	Understanding Security and Tunnel Predefined Policy Applications
IP-related predefined policy applications	Understanding IP-Related Predefined Policy Applications
Instant messaging predefined policy applications	Understanding Instant Messaging Predefined Policy Applications
Management predefined policy applications	Understanding Management Predefined Policy Applications
Mail predefined policy applications	Understanding Mail Predefined Policy Applications
UNIX predefined policy applications	Understanding UNIX Predefined Policy Applications
Miscellaneous predefined policy applications	Understanding Miscellaneous Predefined Policy Applications
Custom policy Applications	Understanding Custom Policy Applications
Policy application timeouts	Understanding Policy Application Timeouts
Policy verification	Understanding Policy Ordering

Table 39: Firewall Authentication

Feature	More Information
Web authentication	Web Authentication
Pass-through authentication	Pass-Through Authentication
Local authentication server	Firewall User Authentication Overview
RADIUS authentication server	Firewall User Authentication Overview
LDAP authentication server	Firewall User Authentication Overview
SecurID authentication server	Understanding SecurID User Authentication

Table 40: Infranet Authentication

Feature	More Information
JUNOS Enforcers in Unified Access Control (UAC) deployments	Infranet Authentication

Table 41: Attack Detection and Prevention

Feature	More Information
Bad IP option	Understanding Bad IP Option Protection
Block fragment traffic	Blocking Fragmented ICMP Packets
FIN flag without ACK flag set protection	Blocking Packets with FIN Flag/No ACK Flag Set
ICMP flood protection	Understanding ICMP Flood Attacks
ICMP fragment protection	Understanding ICMP Fragment Protection
Large size ICMP packet protection	Understanding Large ICMP Packet Protection
Loose source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP record route option	Screen Options for Detecting IP Options Used For Reconnaissance
IP security option	Screen Options for Detecting IP Options Used For Reconnaissance
IP address spoof	Blocking IP Spoofing
IP stream option	Screen Options for Detecting IP Options Used For Reconnaissance
IP strict source route option	Blocking Packets with Either a Loose or Strict Source Route Option Set
IP address sweep	Understanding IP Address Sweeps
IP timestamp option	Screen Options for Detecting IP Options Used For Reconnaissance
Land attack protection	Understanding Land Attacks
Ping of death attack protection	Understanding Ping of Death Attacks
Port scan	Understanding Port Scanning
Source IP based session limit	Understanding Session Table Flood Attacks
SYN-ACK-ACK proxy protection	Understanding SYN-ACK-ACK Proxy Flood Attacks
SYN and FIN flags set protection	Blocking Packets with SYN and FIN Flags Set
SYN flood protection	Understanding SYN Flood Attacks
SYN fragment protection	Understanding SYN Fragment Protection
Teardrop attack protection	Understanding Teardrop Attacks
TCP packet without flag set protection	Blocking Packets with No Flags Set
Unknown protocol protection	Understanding Unknown Protocol Protection
UDP flood protection	Understanding UDP Flood Attacks
WinNuke attack protection	Understanding WinNuke Attacks

Table 42: Network Address Translation

Feature	More Information
Destination IP address translation	Destination IP Address Translation Overview
Static Network Address Translation (NAT)	Understanding Static NAT
Rule-based NAT	Understanding Rule-Based Destination NAT
Source IP address translation	Source IP Address Translation Overview
NAT interface source pools	Understanding NAT Interface Source Pools
Configuring proxy Address Resolution Protocol (ARP)	Configuring Proxy ARP

Table 43: Chassis Cluster

Feature	More Information
Chassis cluster formation	Understanding Chassis Cluster Formation
Active/active chassis cluster (that is, cross-box data forwarding over the fabric interface)	Understanding Chassis Cluster
Redundancy group 0 (backup for Routing Engine)	Redundancy Group 0: Routing Engines
Redundancy groups 1 through 128	Redundancy Groups 1 Through 128
Redundant Ethernet interfaces	Understanding Redundant Ethernet Interfaces
Control plane failover	Understanding the Control Plane
Data plane failover	Understanding the Data Plane
All JUNOS flow-based routing functionality	JUNOS Software Interfaces and Routing Configuration Guide

Table 44: IPsec

Feature	More Information
Policy-based and route-based VPNs	Virtual Private Networks (VPNs) Overview
Tunnel mode	Packet Processing in Tunnel Mode
Authentication Header (AH) protocol	IPsec Security Protocols
Encapsulating Security Payload (ESP) protocol	IPsec Security Protocols
IKE phase 1	IPsec Tunnel Negotiation
IKE phase 2	IPsec Tunnel Negotiation
Manual key management	IPsec Key Management
Autokey management	IPsec Key Management
Antireplay (packet replay attack prevention)	Replay Protection
Dead peer detection (DPD)	Configuring an IKE Gateway (Standard and Dynamic VPNs)

Table 45: PKI

Feature	More Information
Internet Key Exchange (IKE) support	Internet Key Exchange
Entrust, Microsoft, and Verisign certificate authorities (CAs)	Understanding Certificates
Automated certificate enrollment using Simple Certificate Enrollment Protocol (SCEP)	Using Digital Certificates
Automatic generation of self-signed certificates	Understanding Self-Signed Certificates
Distinguished Encoding Rules (DER), Privacy-Enhanced Mail (PEM), Public-Key Cryptography Standard 7 (PKCS7), and X509 certificate encoding	Manually Loading a CRL onto the Device
Manual installation of DER-encoded and PEM-encoded CRLs	Manually Loading a CRL onto the Device
Online certificate revocation list (CRL) retrieval through LDAP and HTTP	PKI Management and Implementation
CRL update at user-specified interval	Understanding Certificate Revocation Lists

Table 46: ALGs

Feature	More Information
FTP Application Layer Gateway (ALG)	Configuring Application Layer Gateways—Quick Configuration
Trivial File Transfer Protocol (TFTP) ALG	Configuring Application Layer Gateways—Quick Configuration
H.323 ALG	Understanding the H.323 ALG
Media Gateway Control Protocol (MGCP) ALG	Understanding the MGCP ALG
Point-to-Point Tunneling Protocol (PPTP) ALG	Configuring Application Layer Gateways—Quick Configuration
REAL ALG	Table 72
Remote procedure call (RPC) ALG	Understanding the RPC ALG
Remote shell (RSH) ALG	Configuring Application Layer Gateways—Quick Configuration
Real-Time Streaming Protocol (RTSP) ALG	Configuring Application Layer Gateways—Quick Configuration
Skinny Call Control Protocol (SCCP) ALG	Understanding the SCCP ALG
Session Initiation Protocol (SIP) ALG	Understanding the SIP ALG
Structured Query Language (SQL) ALG	Configuring Application Layer Gateways—Quick Configuration
TALK ALG	Configuring Application Layer Gateways—Quick Configuration

Table 47: Netscreen Remote

Feature	More Information
Netscreen Remote VPN client	NetScreen-Remote VPN Client

Table 48: IDP Policy

Feature	More Information
Intrusion Detection and Prevention (IDP) Policy	IDP Policies Overview
Intrusion prevention system (IPS) rulebase	Defining Rules for an IPS Rulebase
Exempt rulebase	Defining Rules for an Exempt Rulebase
Custom attacks	Understanding Custom Attack Objects
Differentiated Services code point (DSCP) marking	Configuring DSCP in an IDP Policy

Table 49: IDP Signature Database

Feature	More Information
IDP signature database	Understanding the IDP Signature Database
Predefined policy templates	Using Predefined Policy Templates
Signature database—manual download	Updating the Signature Database Manually
Signature database—automatic download	Updating the Signature Database Automatically
Signature database version	Understanding the Signature Database Version

Table 50: IDP Application Identification

Feature	More Information
Application identification	Understanding Application Identification
Service and application bindings	Understanding Service and Application Bindings
Application system cache	Understanding Application System Cache

Table 51: IDP Monitoring and Logging

Feature	More Information
IDP logging	Understanding IDP Logging JUNOS Software Administration Guide
IDP monitoring and debugging (SRX 3400 and SRX 3600 only)	JUNOS Software CLI Reference

Table 52: IDP SSL Inspectioon

Feature	More Information
IDP SSL Inspection	IDP SSL Inspection

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]