Related Documentation
- LN Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- SRX Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- Additional Information
- Security Zones and Interfaces Feature Guide for Security Devices
Understanding How to Control Inbound Traffic Based on Protocols
This topic describes the inbound system protocols on the specified zone or interface.
Any host-inbound traffic that corresponds to a protocol listed under the host-inbound traffic option is allowed. For example, if anywhere in the configuration, you map a protocol to a port number other than the default, you can specify the protocol in the host-inbound traffic option, and the new port number will be used. Table 1 lists the supported protocols. A value of all indicates that traffic from all of the following protocols is allowed inbound on the specified interfaces (of the zone, or a single specified interface).
Table 1: Supported Inbound System Protocols
Supported System Services | |||
|---|---|---|---|
all | igmp | pim | sap |
bfd | ldp | rip | vrrp |
bgp | msdp | ripng | nhrp |
router-discovery | dvmrp | ospf | rsvp |
pgm | ospf3 | ||
 | Note: If DVMRP or PIM is enabled for an interface, IGMP and MLD host-inbound traffic is enabled automatically. Because IS-IS uses OSI addressing and should not generate any IP traffic, there is no host-inbound traffic option for the IS-IS protocol. |
| Note: You do not need to configure Neighbor Discovery Protocol (NDP) on host-inbound traffic, because the NDP is enabled by default. |
Configuration option for IPv6 Neighbor Discovery Protocol (NDP) is available. The configuration option is set protocol neighbor-discovery onlink-subnet-only command. This option will prevent the device from responding to a Neighbor Solicitation (NS) from a prefix which was not included as one of the device interface prefixes.
| Note: The Routing Engine needs to be rebooted after setting this option to remove any possibility of a previous IPv6 entry from remaining in the forwarding-table. |
Related Documentation
- LN Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- SRX Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- Additional Information
- Security Zones and Interfaces Feature Guide for Security Devices
