Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring Service Rules


You specify the collection of rules and rule sets that constitute the service set. The router performs rule sets in the order in which they appear in the configuration. You can include only one rule set for each service type. You configure the rule names and content for each service type at the [edit services name] hierarchy level for each type:

To configure the rules and rule sets that constitute a service set, include the following statements at the [edit services service-set service-set-name] hierarchy level:

For each service type, you can include one or more individual rules, or one rule set.

If you configure a service set with IPsec rules, it must not contain rules for any other services. You can, however, configure another service set containing rules for the other services and apply both service sets to the same interface.


You can also include Junos Application Aware (previously known as Dynamic Application Awareness) functionality within service sets. To do this, you must include an idp-profile statement at the [edit services service-set] hierarchy level, along with application identification (APPID) rules, and, as appropriate, application-aware access list (AACL) rules and a policy-decision-statistics-profile. Only one service sets can be applied to a single interface when Junos Application Aware functionality is used. For more information, see Configuring IDS Rules on an MS-DPC, APPID Overview, and Application Aware Services Interfaces User Guide for Routing Devices.