
[edit services] Hierarchy Level

To configure services, include the following statements at the [edit services] hierarchy level of the configuration:

adaptive-services-pics {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match regex>;
flag flag;
}
}
cos {
application-profile profile-name {
sip-text {
dscp (alias | bits);
forwarding-class class-name;
}
sip-video {
dscp (alias | bits);
forwarding-class class-name;
}
sip-voice {
dscp (alias | bits);
forwarding-class class-name;
}
}
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
applications [ application-names ];
application-sets [ set-names ];
destination-address address;
destination-prefix-list list-name <except>;
source-address address;
source-prefix-list list-name <except>;
}
then {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
(reflexive | reverse) {
application-profile profile-name;
dscp (alias | bits);
forwarding-class class-name;
syslog;
}
syslog;
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
}
dynamic-flow-capture {
capture-group client-name {
content-destination identifier {
address address;
hard-limit bandwidth;
hard-limit-target bandwidth;
soft-limit bandwidth;
soft-limit-clear bandwidth;
ttl hops;
}
control-source identifier {
allowed-destinations [ destination ];
minimum-priority value;
no-syslog;
notification-targets [ address address port port-number ];
service-port port-number;
shared-key value;
source-addresses [ address ];
}
duplicates-dropped-periodicity seconds;
input-packet-rate-threshold rate;
interfaces interface-name;
max-duplicates number;
pic-memory-threshold percentage percentage;
}
g-max-duplicates number;
g-duplicates-dropped-periodicity seconds;
}
flow-collector {
analyzer-address address;
analyzer-id name;
destinations {
ftp:url {
password "password";
}
}
file-specification {
variant variant-number {
data-format format;
name-format format;
transfer {
record-level number;
timeout seconds;
}
}
}
interface-map {
collector interface-name;
file-specification variant-number;
interface-name {
collector interface-name;
file-specification variant-number;
}
}
retry number;
retry-delay seconds;
transfer-log-archive {
archive-sites {
ftp:url {
password "password";
username username;
}
}
filename-prefix prefix;
maximum-age minutes;
}
}
flow-monitoring {
version9 {
template template-name {
flow-active-timeout seconds;
flow-inactive-timeout seconds;
ipv4-template;
mpls-template {
label-position [ positions ];
}
mpls-ipv4-template {
label-position [ positions ];
}
option-refresh-rate packets packets seconds seconds;
template-refresh-rate packets packets seconds seconds;
}
}
}
flow-tap {
interface interface-name;
}
ids {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
applications [ application-names ];
application-sets [ set-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
aggregation {
destination-prefix prefix-number | destination-prefix-ipv6 prefix-number;
source-prefix prefix-number | source-prefix-ipv6 prefix-number;
}
(force-entry | ignore-entry);
logging {
syslog;
threshold rate;
}
session-limit {
by-destination {
hold-time seconds;
maximum number;
packets number;
rate number;
}
by-pair {
maximum number;
packets number;
rate number;
}
by-source {
hold-time seconds;
maximum number;
packets number;
rate number;
}
}
syn-cookie {
mss value;
threshold rate;
}
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
}
ipsec-vpn {
clear-ike-sas-on-pic-restart;
clear-ipsec-sas-on-pic-restart;
ike {
proposal proposal-name {
authentication-algorithm (md5 | sha1 | sha-256);
authentication-method (dsa-signatures | pre-shared-keys | rsa-signatures);
description description;
dh-group (group1 | group2);
encryption-algorithm algorithm;
lifetime-seconds seconds;
}
policy policy-name {
description description;
local-certificate identifier;
local-id {
ipv4_addr [ values ];
ipv6_addr [ values ];
key_id [ values ];
}
mode (aggressive | main);
pre-shared-key (ascii-text key | hexadecimal key);
proposals [ proposal-names ];
remote-id {
ipv4_addr [ values ];
ipv6_addr [ values ];
key_id [ values ];
}
}
}
ipsec {
proposal proposal-name {
authentication-algorithm (hmac-md5-96 | hmac-sha1-96);
description description;
encryption-algorithm algorithm;
lifetime-seconds seconds;
protocol (ah | esp | bundle);
}
policy policy-name {
description description;
perfect-forward-secrecy {
keys (group1 | group2);
}
proposals [ proposal-names ];
}
}
rule rule-name {
match-direction (input | output);
term term-name {
from {
destination-address address;
ipsec-inside-interface interface-name;
source-address address;
}
then {
backup-remote-gateway address;
clear-dont-fragment-bit;
dynamic {
ike-policy policy-name;
ipsec-policy policy-name;
}
initiate-dead-peer-detection;
manual {
direction (inbound | outbound | bidirectional) {
authentication {
algorithm (hmac-md5-96 | hmac-sha1-96);
key (ascii-text key | hexadecimal key);
}
auxiliary-spi spi-value;
encryption {
algorithm algorithm;
key (ascii-text key | hexadecimal key);
}
protocol (ah | bundle | esp);
spi spi-value;
}
}
no-anti-replay;
remote-gateway address;
syslog;
tunnel-mtu bytes;
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
traceoptions {
file {
files number;
size bytes;
}
flag flag;
}
}
l2tp {
tunnel-group name {
hello-interval seconds;
hide-avps;
l2tp-access-profile profile-name;
local-gateway address address;
maximum-send-window packets;
ppp-access-profile profile-name;
receive-window packets;
retransmit-interval seconds;
service-interface interface-name;
syslog {
host hostname {
services severity-level;
facility-override facility-name;
log-prefix prefix-value;
}
}
tunnel-timeout seconds;
}
traceoptions {
debug-level level;
filter {
protocol name;
}
flag flag;
interfaces interface-name {
debug-level level;
flag flag;
}
}
}
logging {
traceoptions {
file filename <files number> <size size> <world-readable | no-world-readable> <match regex>;
flag flag;
}
}
nat {
ipv6-multicast-interfaces (all | interface-name);
pool nat-pool-name {
address (address | address-range low value high value | prefix);
pgcp {
hint hint-string;
ports-per-session ports;
remotely-controlled;
transport;
}
port (automatic | range low minimum-value high maximum-value) {
random-allocation;
}
}
rule rule-name {
match-direction (input | output);
term term-name {
nat-type (full-cone | symmetric);
from {
applications [ application-names ];
application-sets [ set-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
syslog;
translated {
destination-pool nat-pool-name;
destination-prefix destination-prefix;
overload-pool overload-pool-name;
overload-prefix overload-prefix;
source-pool nat-pool-name;
source-prefix source-prefix;
translation-type (destination type | source type);
}
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
}
pgcp {
gateway gateway-name {
cleanup-timeout seconds;
gateway-address gateway-address;
fast-update-filters {
maximum-terms number-of-terms;
maximum-fuf-percentage percentage;
}
gateway-controller gateway-controller-name {
controller-address ip-address;
controller-port port-number;
interim-ah-scheme {
algorithm algorithm;
}
}
gateway-port gateway-port;
graceful-restart {
maximum-synchronization-mismatches number-of-mismatches;
maximum-synchronization-time seconds;
}
data-inactivity-detection {
inactivity-delay;
latch-deadlock-delay seconds;
send-notification-on-delay;
inactivity-duration seconds;
stop-detection-on-drop;
report-service-change {
service-change-type (forced-906 | forced-910);
}
}
h248-properties {
application-data-inactivity-detection {
ip-flow-stop-detection (regulated-notify | immediate-notify);
}
base-root {
normal-mg-execution-time default milliseconds;
normal-mgc-execution-time default milliseconds;
mg-provisional-response-timer-value default milliseconds;
mgc-provisional-response-timer-value default milliseconds;
mg-originated-pending-limit default number-of-pendings-received;
mgc-originated-pending-limit default number-of-pendings-received;
}
diffserv {
dscp {
default (dscp-value | alias | do-not-change);
}
}
event-timestamp-notification {
request-timestamp (requested | suppressed | autonomous);
}
hanging-termination-detection {
timerx seconds;
}
notification-behavior {
notification-regulation default (once | 0 - 100);
}
segmentation {
mg-segmentation-timer default milliseconds;
mgc-segmentation-timer default milliseconds;
mg-maximum-pdu-size default bytes;
mgc-maximum-pdu-size default bytes;
}
traffic-management {
peak-data-rate {
default bytes-per-second;
rtcp {
fixed-value bytes-per-second;
percentage percentage;
}
}
sustained-data-rate {
default bytes-per-second;
rtcp {
fixed-value bytes-per-second;
percentage percentage;
}
}
max-burst-size {
default bytes;
rtcp {
fixed-value bytes;
percentage percentage;
}
}
}
inactivity-timer {
inactivity-timeout {
detect;
maximum-inactivity-time {
default 10-millisecond-units;
}
}
}
}
h248-options {
audit-observed-events-returns-history;
encoding {
no-dscp-bit-mirroring;
}
service-change {
control-association-indications {
disconnect {
controller-failure (failover-909 | restart-902);
reconnect (disconnected-900 | restart-902);
}
down {
administrative (forced-905 | forced-908 | none);
failure (forced-904 | forced-908 | none);
graceful (graceful-905 | none);
}
up {
cancel-graceful (none | restart-918);
failover-cold (failover-920 | restart-901);
failover-warm (failover-919 | restart-902);
}
}
virtual-interface-indications {
virtual-interface-down {
administrative (forced-905 | forced-906 | none);
failure (forced-904 | forced-906 | none);
graceful (graceful-905 | none);
link-loss (forced-906 | none);
}
virtual-interface-up {
cancel-graceful (none | restart-918);
warm (none | restart-900);
}
}
context-indications {
state-loss (forced-910 | forced-915 | none);
}
}
wildcard-response-service-change;
}
h248-timers {
initial-average-ack-delay milliseconds;
maximum-net-propagation-delay milliseconds;
maximum-waiting-delay milliseconds;
tmax-retransmission-delay milliseconds;
}
max-concurrent-calls number-of-calls;
monitor {
media {
rtcp;
rtp;
}
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
session-mirroring {
delivery-function delivery-function-name {
destination-address destination-address;
destination-port destination-port;
network-operator-id network-operator-id;
source-address source-address;
source-port source-port;
}
disable-session-mirroring;
}
}
media-service media-service-name {
nat-pool nat-pool-name;
}
rule rule-name {
gateway gateway-name;
media-service media-service-name;
}
rule-set rule-set-name {
rule rule-name1;
rule rule-name2;
rule rule-name3;
}
traceoptions {
file filename <files number> <match regex> <size size> <world-readable | no-world-readable>;
flag flag;
}
virtual-interface interface-number {
media-service media-service-name;
interface interface-identifier;
routing-instance instance-name {
service-interface name.number;
}
service-state (in-service | out-of-service-forced | out-of-service-graceful);
}
session-mirroring {
delivery-function delivery-function-name {
destination-address destination-address;
destination-port destination-port;
network-operator-id network-operator-id;
source-address source-address;
source-port source-port;
}
disable-session-mirroring;
}
}
rpm {
bgp {
data-fill data;
data-size size;
destination-port port;
history-size size;
logical-system logical-system-name [ routing-instances routing-instance-name ];
probe-count count;
probe-interval seconds;
probe-type type;
routing-instances instance-name;
test-interval interval;
}
probe owner {
test test-name {
data-fill data;
data-size size;
destination-interface interface-name;
destination-port port;
dscp-code-point dscp-bits;
hardware-timestamp;
history-size size;
moving-average-size number;
one-way-hardware-timestamp;
probe-count count;
probe-interval seconds;
probe-type type;
routing-instance instance-name;
source-address address;
target (url | address);
test-interval interval;
thresholds thresholds;
traps traps;
}
}
probe-limit limit;
probe-server {
tcp {
destination-interface interface-name;
port (RPM) number;
}
udp {
destination-interface interface-name;
port (RPM) number;
}
}
twamp {
server {
client-list list-name {
[ address address ];
}
inactivity-timeout seconds;
maximum-connections count;
maximum-connections-per-client count;
maximum-sessions count;
maximum-sessions-per-connection count;
port number;
}
}
}
service-set service-set-name {
([ ids-rules rule-names ] | ids-rule-sets rule-set-name);
([ ipsec-vpn-rules rule-names ] | ipsec-vpn-rule-sets rule-set-name);
([ nat-rules rule-names ] | nat-rule-sets rule-set-name);
([ pgcp-rules rule-names ] | pgcp-rule-sets rule-set-name);
([ stateful-firewall-rules rule-names ] | stateful-firewall-rule-sets rule-set-name);
allow-multicast;
extension-service service-name {
provider-specific rules;
}
interface-service {
service-interface interface-name;
}
ipsec-vpn-options {
ike-access-profile profile-name;
local-gateway address;
trusted-ca [ ca-profile-name ];
}
max-flows number;
next-hop-service {
inside-service-interface name.number;
outside-service-interface name.number;
service-interface-pool name;
}
syslog {
host hostname {
services severity-level;
facility-override facility-name;
log-prefix prefix-value;
}
}
}
stateful-firewall {
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
applications [ application-names ];
application-sets [ set-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
destination-prefix-list list-name <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
source-prefix-list list-name <except>;
}
then {
(accept | discard | reject);
allow-ip-option [ values ];
syslog;
}
}
}
rule-set rule-set-name {
[ rule rule-names ];
}
}
}
