As shipped from the factory, a Services Router running JUNOS software initially starts up and uses a configuration that places the router in secure context. You can change the context in which the Services Router is running from secure context to router context. To do so, you use a predefined template configuration file. If you plan to use the Services Router primarily as a router, change to router context with this configuration as your starting point.
 |
Caution: If you plan to change contexts, do so before you configure anything else on the Services Router. If you change contexts after you have configured the Services Router, your configuration is overwritten by the default configuration for the new context. |
 |
Note: Both secure context and router context are flow-enabled. MPLS is not supported in either context because MPLS undergoes packet-based processing. |
The following table lists secure and router context features, specifies whether the features are supported on various device types, and indicates where you can find more information about each feature.
Table 28: Support Information: Secure and Router Context Options
| Feature | J-series Services Routers | SRX-series Services Gateways | More Information |
|---|---|---|---|
|
Secure context factory configuration |
Yes |
No | |
|
Router context factory configuration |
Yes |
No |
Secure context allows a Services Router to act as a stateful firewall with only management access. To allow traffic to pass through a Services Router, you must explicitly configure a security policy for that purpose. In secure context, a Services Router forwards packets only if a security policy permits it. Certain services are also configured (in the host-inbound-traffic statement of the [edit security zones] hierarchy level) to allow host-inbound traffic for management of a Services Router. A Services Router running in secure context is a secure routing device with predefined configuration values.
When you use the router in secure context, you can configure additional security features. You can also remove security features and configure additional routing features to provide greater routing capability. The secure context configuration of the router is provided for ease of use. It is intended as a starting point that you can build on to customize the router for your environment.
To change contexts, see the JUNOS Software Administration Guide.
The basic configuration for secure context includes the following settings:
The ge-0/0/0 interface is configured to allow management access with SSH and HTTP services enabled. The following host-inbound services are configured for the ge-0/0/0 interface in the trust zone: HTTP, HTTPS, SSH, Telnet, and DHCP.
For the default configuration file for secure context, see the JUNOS Software Administration Guide.
Router context allows a Services Router to act as a router in which all management and transit traffic is allowed. All interfaces are bound to the trust zone, and host inbound traffic from all predefined services is allowed. In router context, the Services Router forwards all packets unless you configure a security policy that denies specific traffic.
JUNOS software is a hardened operating system. You can use JUNOS software with more relaxed checks for host-inbound traffic and configure the data plane with default transit policies to permit all traffic. In this scenario, the Services Router operates in a router context.
You load a predefined template configuration, jsr-series-routermode-factory.conf, to change to router context. In router context, the Services Router remains flow-enabled. All security features are available, but they are explicitly disabled.
When you use the router in router context, you can configure additional routing features. You can also configure security features selectively to provide additional protection. The router context configuration is provided for ease of use. It is intended as a starting point that you can build on to customize the router for your environment.
For the default configuration file for router context and to change contexts, see the JUNOS Software Administration Guide.
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |