Configuring Policies for Custom Firewall Exceptions

You can create policies with the Policies, Services, and Subscribers CLI or the Policies, Services, and Subscribers subtasks in the C-Web interface.

To configure a policy for a custom firewall exception:

1. Create a stateless firewall policy group and associated policy rules.
2. Specify parameters for the following properties for each policy rule:
   • IP protocol
   • TOS byte in the IP header
   • Source IP addresses
   • Source TCP/UDP ports
   • Destination IP addresses
   • Destination TCP/UDP ports
   • TCP flags
   • IP flags (fragmentation flags)
   • Fragmentation offset
   • Packet length
   • ICMP type
   • ICMP code

For a sample policy, see policyGroupName=custom_policer, ou=entjunos_statelessfw, o=Policies, o=umc in the sample data.

Copyright © 2008, Juniper Networks, Inc. All Rights Reserved. Trademark Notice.