
LxCIPtable VNF Configuration Settings

Best Practice: Service providers configure base settings for a VNF. Customers should not change these values unless directed to do so by their service provider. Service providers may provide some generic examples of service configurations for their customers. Customers can configure services appropriate to their networks, for example by creating policies, in Customer Portal.

Use the information in the following tables to provide values for the available settings:

Note: The tables apply to the centralized deployment model only.

Table 25: Fields for the LxCIP Base Settings

| Field | Description |
|---|---|
| Loopback Address | Specify a loopback IP address. Example: 192.0.2.10 |
| Operation | Select add to apply the policies to a specific route or del to prevent use of the policies on specific routes. Example: add |
| Route | Specify the IP prefix of the route to which the policies should apply. Example: 192.0.2.20/24 |
| Next Hop | Specify the IP address of a Contrail gateway network to which the VM connects. Example: 192.0.2.20 |

Table 26: Fields for the LxCIP Firewall Policy Settings

| Field | Description |
|---|---|
| Firewall Policies | |
| Prevent SSH Brute | Select True to prevent SSH brute-force attacks or False to allow them. Example: False |
| Prevent Ping Flood | Select True to prevent ping flood attacks or False to allow them. Example: False |
| Forwarding Rule Settings | |
| Destination Address | Specify the destination IP address prefix that the network service uses as a match criterion for outgoing traffic. Example: 192.0.2.25/24 |
| Operation | Select the operation, which applies to a chain of rules of the same type, from the drop-down list. Options: append (append the rule to a rule chain); insert-before (insert the rule before a rule with the same name); delete (replace an existing rule with this name). Example: append |
| Source Address | Specify the source IP address prefix that the network service uses as a match criterion for outgoing traffic. Example: 192.0.2.20/24 |
| Name | Specify the name for the rule. The field has no limit on the number of characters and accepts letters, numbers, and symbols. Example: vsrx-fw-policy |
| Action | Select the action for the rule, which applies to all traffic that matches the specified criteria. Options: accept (transmit packets that match the policy parameters); drop (drop packets that match the policy parameters); reject (reject packets that match the policy parameters). Example: accept |
| Service | Specify the service that you want the rule to match. Examples: http, smtp |
| Type | Select the type of packet that the rule matches. Options: input (packets that the network service receives that are addressed to this VM); forward (packets that the network service receives that are addressed to other VMs); output (packets that the network service transmits). The application creates a chain of all rules with a particular type. Example: input |
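
A pre-deployment check for the Table 26 values, added here as an example and not taken from the product or its documentation: it validates the Operation, Action and Type options and the address prefixes, and reports disabled protections. The dict layout and function names are hypothetical, and reading a prefix such as 192.0.2.20/24 as the whole 192.0.2.0/24 network is standard CIDR behavior assumed here, not something this page states.

```python
import ipaddress

# Allowed values copied from Table 26.
OPERATIONS = {"append", "insert-before", "delete"}
ACTIONS = {"accept", "drop", "reject"}
TYPES = {"input", "forward", "output"}


def check_prefix(label, value, findings):
    """Validate an IP prefix and flag host bits set beyond the mask."""
    try:
        iface = ipaddress.ip_interface(value)
    except ValueError:
        findings.append(f"ERROR {label}: '{value}' is not a valid IP prefix")
        return
    if iface.ip != iface.network.network_address:
        # Assumption: standard CIDR semantics, so the match is the whole network.
        findings.append(f"WARN {label}: '{value}' covers all of {iface.network}")


def review_settings(settings):
    """Return findings for one settings record (hypothetical dict layout)."""
    findings = []
    for flag in ("Prevent SSH Brute", "Prevent Ping Flood"):
        if settings.get(flag) is not True:
            findings.append(f"WARN {flag}: protection is not enabled")
    for rule in settings.get("rules", []):
        name = rule.get("Name") or "<unnamed>"
        for field, allowed in (("Operation", OPERATIONS), ("Action", ACTIONS), ("Type", TYPES)):
            if rule.get(field) not in allowed:
                findings.append(f"ERROR {name}.{field}: '{rule.get(field)}' is not one of {sorted(allowed)}")
        for field in ("Source Address", "Destination Address"):
            check_prefix(f"{name}.{field}", rule.get(field, ""), findings)
    return findings


# Constructed sample that reuses the example values from Table 26.
SAMPLE = {
    "Prevent SSH Brute": False, "Prevent Ping Flood": False,
    "rules": [{
        "Name": "vsrx-fw-policy", "Operation": "append", "Action": "accept",
        "Type": "input", "Service": "http",
        "Source Address": "192.0.2.20/24", "Destination Address": "192.0.2.25/24",
    }],
}

if __name__ == "__main__":
    print("\n".join(review_settings(SAMPLE)))
```

With the page's example values, the check reports both protections as disabled and shows that the source and destination examples resolve to the same /24 network.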

Table 27: Fields for the LxCIP NAT Policy Settings

| Field | Description |
|---|---|
| Left Interface | Specify the name of the interface on which the network service enforces NAT for incoming traffic. Example: Eth1 |
| Right Interface | Specify the name of the interface on which the network service enforces NAT for outgoing traffic. Example: Eth2 |
