A service set lets you combine rules for different services
into one set and then apply the set of services to inside and outside
interfaces on a MultiServices PIC or MS-DPC. You need to configure
a service set for each PIC or DPC.
In this case, we are creating a service set that does the following:
Combines the stateful firewall and BGF rules to be used
on the PIC. The BGF rule is the rule that associates the virtual BGF
with a NAT pool.
Applies the combined rules to an inside and outside interface
on the MultiServices PIC or MS-DPC that was created for the BGF service.
Defines a location and logging level for the service set.
Step-by-Step Procedure
To configure a service set:
Create a service set configuration.
[edit services]
user@host#edit service-set bgf-svc-set
Specify the name of the BGF rule or rule
set that applies to this service set.
[edit services service-set bgf-svc-set]
user@host#set pgcp-rules bgf-rule-1
Specify the name of the stateful firewall
rule that applies to this service set.
[edit services service-set bgf-svc-set]
user@host#set stateful-firewall-rules r1
Configure service set as a next-hop service
set.
[edit services service-set bgf-svc-set]
user@host#edit next-hop-service
Specify the service interface to the
inside network. This is the logical interface that you configured
as the inside service domain on the MultiServices PIC or MS-DPC that
you configured for the BGF.
Specify the service interface to the
outside network. This is the logical interface that you configured
as the outside service domain on the MultiServices PIC or MS-DPC that
you configured for the BGF.
