Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Configuring a Service Set (NSM Procedure)

    A service set is a collection of services to be performed by an Adaptive Services (AS) or Multiservices PIC.

    To configure a service set in NSM:

    1. In the navigation tree select Device Manager > Devices.
    2. In the Devices list, double-click the device to select it.
    3. In the Configuration tab, expand Services.
    4. Select Service Set.
    5. Add or modify the settings as specified in Table 1.
    6. Click one:
      • OK—Save the changes.
      • Cancel—Cancel the modifications.

    Table 1: Service Set Configuration Details

    TaskYour Action

    Define the service set.

    1. Click Add new entry next to Service Set.
    2. In the Name box, enter the name that identifies the service set.
    3. In the Comment box, enter the comment.
    4. In the Max Flows box, enter the maximum number of flows.
    5. From the Tcp Mss list, select the TCP Maximum Segment Size (MSS) allowed for the service set.

      Range: 536 to 65535

    6. From the Application Identification Profile list, select the application identification method.
    7. From the Idp Profile list, select the Idp profile.

      Note: The IDP profile is a list of IDP policies as defined in the Security > Idp > Idp policy assigned to this device.

    Configuring AACL rule and AACL rule set.

    1. Click Aacl Rules next to service-set.
    2. Select one of the following:
      • aacl-rules—To specify the rule the router uses when applying this service.
      • aacl-rule-set—To specify the rule set the router uses when applying this service.
    3. Click Add new entry.
    4. From the Name list, select the identifier for the collection of terms that constitute this rule set.
    5. In the Comment box, enter the comment.

    Allow multicast traffic to be sent to the Adaptive Services or Multiservices PIC.

    1. Click Allow Multicast next to service-set.
    2. In the Comment box, enter the comment.

    Specify the Class of Service (CoS) service rule or rule set included in this service.

    1. Click Cos Rules next to service-set.
    2. Select one of the following:
      • cos-rules—To specify cos-rules.
      • cos-rule-set—To specify cos-rules set.
    3. Click Add new entry.
    4. From the Name list, select the rule or rule set name.

    In the Comment box, enter the comment.

    Define Junos SDK service set.

    1. Click Extension Service next to service-set.
    2. Click Add new entry next to Extension Service.
    3. In the Name box, enter the identifier for a provider-specific service.
    4. In the Comment box, enter the comment.

    Specify the intrusion detection service (IDS) rules or rule set included in this service set.

    1. Click Ids Rules next to service-set.
    2. Select one of the following:
      • ids—rules—To specify the ids rules.
      • ids-rule-sets—To specify the ids-rule-sets.
    3. Click Add new entry.
    4. From the Name list, select the rule or rule set name.

    In the Comment box, enter the comment.

    Specify the device name for the interface service PIC.

    1. Click Interface Service next to service-set.
    2. Select one of the following:
      • interface-service—To specify the device name for the interface service Physical Interface Card.
        1. In the Comment box, enter the comment.
        2. In the Services Interface box, enter the name of the service device associated with the interface-wide service set.
      • next-hop-service—To specify interface names or a service interface pool for the forwarding next-hop service set. You cannot specify both a service interface pool and an inside or outside interface.
        1. In the Comment box, enter the comment.
        2. In the Inside Service Interface box, enter the name and logical unit number of the service interface associated with the service set applied inside the network.
        3. In the Outside Service Interface box, enter the name and logical unit number of the service interface associated with the service set applied outside the network
        4. From the Service Interface Pool list, select the name of the pool of logical interfaces.

    Specify the Network Address Translation (NAT) rules or rule set included in this service set.

    1. Click Nat Rules next to service-set.
    2. Select one of the following:
      • nat-rules—To specify the NAT rules included in this service set.
      • nat-rule-sets—To specify the NAT rule set included in this service set.
    3. Click Add new entry.
    4. From the Name list, select the rule or rule set name.
    5. In the Comment box, enter the comment.

    Specify the Packet Gateway Control Protocol (PGCP) rules or rule set included in this service set.

    1. Click Pgcp Rules next to service-set.
    2. Select one of the following:
      • pgcp-rules—To specify the pgcp rules included in this service set.
      • pgcp-rule-set—To specify the pgcp rule set included in this service set.
    3. Click Add new entry.
    4. From the Name list, select the rule or rule set name.
    5. In the Comment box, enter the comment.

    Configuring the policy decision statistics profile.

    1. Click Policy Decision Statistics Profile next to service-set.
    2. In the Comment box, enter the comment.
    3. From the Profile Name list, select the policy decision statistics profile.

    Define the order in which services are applied for this service set.

    1. Click Service Order next to service-set.
    2. In the Comment box, enter the comment.
    3. Click Forward Flow next to Service Order.
    4. Click Add new entry next to Forward Flow.
    5. In the New forward-flow window, enter the service order for forward flow.
    6. Click Reverse Flow next to Service Order.
    7. Click Add new entry next to Reverse Flow.
    8. In the New reverse-flow window, enter the service order for reverse flow.

    Specify the stateful firewall rules or rule set included in this service set.

    1. Click Stateful Firewall Rules next to service-set.
    2. Select one of the following:
      • stateful-firewall-rules—To specify the stateful firewall rules.
      • stateful-firewall-rule-sets—To specify the stateful firewall rule set.
    3. Click Add new entry.
    4. From the Name list, select the rule or rule set name.
    5. In the Comment box, enter the comment.

    Configure generation of system log messages for the service set.

    1. Click Syslog next to service-set.
    2. In the Comment box, enter the comment.
    3. Click Host next to Syslog.
    4. Click Add new entry next to Host.
    5. In the Name box, enter the name of the system logging utility host machine.
    6. In the Comment box, enter the comment.
    7. From the Facility Override list, select the name of the facility that overrides the default assignment.
    8. In the Log Prefix box, enter the system logging prefix value.
    9. Click Contents next to host.
    10. From the Name list, select the service set.
    11. In the Comment box, enter the comment.
    12. From the Any list, select the system logging severity level.

    Published: 2013-01-02