Related Documentation
- J Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- SRX Series
- Security Zones and Interfaces Overview
- Understanding How to Control Inbound Traffic Based on Traffic Types
- Understanding How to Identify Duplicate Sessions Using the TCP-Reset Parameter
- Example: Controlling Inbound Traffic Based on Protocols
- Additional Information
- Junos OS Feature Support Reference for SRX Series and J Series Devices

Understanding How to Control Inbound Traffic Based on Protocols
This topic describes the inbound system protocols on the specified zone or interface.
Any host-inbound traffic that corresponds to a protocol listed under the host-inbound traffic option is allowed. For example, if you map a protocol to a port number other than the default anywhere in the configuration, you can specify the protocol in the host-inbound traffic option, and the new port number will be used. Table 1 lists the supported protocols. A value of all indicates that traffic from all of the following protocols is allowed inbound on the specified interfaces (of the zone, or a single specified interface).
Table 1: Supported Inbound System Protocols
| Supported System Services | | | |
|---|---|---|---|
| all | igmp | pim | sap |
| bfd | ldp | rip | vrrp |
| bgp | msdp | ripng | nhrp |
| router-discovery | dvmrp | ospf | rsvp |
| pgm | ospf3 | | |
Note: If DVMRP or PIM is enabled for an interface, IGMP and MLD host-inbound traffic is enabled automatically. Because ISIS uses OSI addressing and should not generate any IP traffic, there is no host-inbound traffic option for the ISIS protocol.
Note: You do not need to configure Neighbor Discovery Protocol (NDP) on host-inbound traffic, because the NDP is enabled by default.
A configuration option for the IPv6 Neighbor Discovery Protocol (NDP) is available: the set protocol neighbor-discovery onlink-subnet-only command. This option prevents the device from responding to a Neighbor Solicitation (NS) from a prefix that is not included as one of the device interface prefixes.
Note: The Routing Engine needs to be rebooted after setting this option to remove any possibility of a previous IPv6 entry from remaining in the forwarding-table.
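The following audit script is an added example, not part of the original Juniper topic. It reads set-format host-inbound-traffic protocol statements, groups them by zone or interface, and flags the all value as well as keywords that Table 1 does not list. The zone names, interface names and sample configuration are constructed, and the script assumes one statement per line without modifiers.

```python
import re

# Protocol keywords from Table 1 on this page.
SUPPORTED = {
    "all", "bfd", "bgp", "router-discovery", "pgm", "igmp", "ldp", "msdp",
    "dvmrp", "ospf3", "pim", "rip", "ripng", "ospf", "sap", "vrrp", "nhrp", "rsvp",
}
# Keywords the page says have no host-inbound option or need none.
NOT_NEEDED = {
    "isis": "no host-inbound option exists; ISIS uses OSI addressing",
    "neighbor-discovery": "NDP is enabled by default",
}
LINE_RE = re.compile(
    r"^set security zones security-zone (?P<zone>\S+) "
    r"(?:interfaces (?P<ifc>\S+) )?"
    r"host-inbound-traffic protocols (?P<proto>\S+)$"
)

def audit(config_text):
    """Return (allowed, findings) for set-format host-inbound protocol lines.

    allowed maps (zone, interface or None) to the set of permitted protocols.
    findings is a list of (scope, keyword, reason) tuples worth reviewing.
    """
    allowed, findings = {}, []
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not a host-inbound protocols statement
        scope, proto = (m["zone"], m["ifc"]), m["proto"]
        if proto not in SUPPORTED:
            findings.append((scope, proto, NOT_NEEDED.get(proto, "not listed in Table 1")))
            continue
        allowed.setdefault(scope, set()).add(proto)
        if proto == "all":
            findings.append((scope, proto, "allows every protocol in Table 1"))
    return allowed, findings

# Constructed sample configuration (zone and interface names are made up).
SAMPLE = """\
set security zones security-zone trust host-inbound-traffic protocols ospf
set security zones security-zone trust host-inbound-traffic protocols bfd
set security zones security-zone untrust host-inbound-traffic protocols all
set security zones security-zone untrust interfaces ge-0/0/1.0 host-inbound-traffic protocols bgp
set security zones security-zone dmz host-inbound-traffic protocols isis
"""

if __name__ == "__main__":
    for scope, proto, reason in audit(SAMPLE)[1]:
        print(scope, proto, reason)
```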