 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
You can operate the router either in secure context or router context. These contexts are meant to be starting points from which you can customize the configuration for your network requirements. By default, the Services Router operates in secure context. For information describing how to change contexts, see the JUNOS Software Administration Guide.
The basic configuration for secure context binds the ge-/0/0/0 interface to a preconfigured zone called trust. All other interfaces are bound to a preconfigured untrust zone. The ge-0/0/0 interface has SSH and HTTP services enabled for management access. These services as well as Telnet, HTTPS, and DHCP are configured as host-inbound services for the ge-0/0/0 interface. For the trust zone, TCP Reset is also enabled. The default policy for the trust zone allows transmission of traffic from the trust zone to the untrust zone. All traffic within the trust zone is allowed.
To protect against attacks launched from within the zone, the following screens are enabled for the untrust zone: ICMP ping-of-death, IP source route options, IP teardrop, TCP land attack, and TCP SYN flood. The default policy for the untrust zone denies all traffic.
In router context, all transit traffic security checks are disabled. The default policy allows all transit traffic, and all interfaces are bound to the trust zone.
| Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |