[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
system-services
See the following sections:
system-services (Interface Host-Inbound Traffic)
Syntax
- system-services {
-
service-name ;
-
service-name <except>;
- }
Hierarchy Level
- [edit security zones security-zone zone-name interfaces interface-name host-inbound-traffic]
Release Information
Statement introduced in Release 8.5
of JUNOS software.
Description
Specify the types of traffic that can
reach the device on a particular interface.
This statement is
supported on J-series and SRX-series devices.
Options
-
service-name —Service for which traffic
is allowed. The following services are supported:
-
all—Enable all
possible system services available on the Routing Engine (RE).
-
any-service—Enable
services on entire port range.
-
bootp—Enables
traffic destined to BOOTP and DHCP relay agents.
-
dhcp—Enable
incoming DHCP requests.
-
dns—Enable incoming
DNS services.
-
finger—Enable
incoming finger traffic.
-
ftp—Enable incoming
FTP traffic.
-
ident-reset—Enable
the access that has been blocked by an unacknowledged identification
request.
-
http—Enable
incoming J-Web or clear-text Web authentication traffic.
-
https—Enable
incoming J-Web or Web authentication traffic over Secure Sockets Layer
(SSL).
-
ike—Enable Internet
Key Exchange traffic.
-
netconf SSH—Enable
incoming NetScreen Security Manager (NSM) traffic over SSH.
-
ping—Allow the
device to respond to ICMP echo requests.
-
rlogin—Enable
incoming rlogin (remote login) traffic.
-
rpm—Enable incoming
real-time performance monitoring (RPM) traffic.
-
rsh—Enable incoming
Remote Shell (rsh) traffic.
-
snmp—Enable
incoming SNMP traffic (UDP port 161).
-
snmp-trap—Enable
incoming SNMP traps (UDP port 162).
-
ssh—Enable incoming
SSH traffic.
-
telnet—Enable
incoming Telnet traffic.
-
tftp—Enable
TFTP services.
-
traceroute—Enable
incoming traceroute traffic (UDP port 33434).
-
xnm-ssl— Enable
incoming JUNOScript-over-SSL traffic for all specified interfaces.
-
xnm-clear-text—Enable
incoming JUNOScript traffic for all specified interfaces.
-
except—(Optional) except can only be used if
all has been defined.
Usage Guidelines
For configuration instructions and
examples, see the JUNOS Software Security Configuration
Guide.
Required Privilege Level
security—To view this statement
in the configuration.
security-control—To
add this statement to the configuration.
system-services (Zone Host-Inbound Traffic)
Syntax
- system-services {
-
service-name ;
-
service-name <except>;
- }
Hierarchy Level
- [edit security zones security-zone zone-name host-inbound-traffic]
Release Information
Statement introduced in Release 8.5
of JUNOS software.
Description
Specify the types of traffic that can
reach the device for all interfaces in a zone.
This statement is
supported on J-series and SRX-series devices.
Options
-
service-name —Service for which traffic
is allowed. The following services are supported:
-
all—Enable all
possible system services available on the Routing Engine (RE).
-
any-service—Enable
services on entire port range.
-
bootp—Enables
traffic destined to BOOTP and DHCP relay agents.
-
dhcp—Enable
incoming DHCP requests.
-
dns—Enable incoming
DNS services.
-
finger—Enable
incoming finger traffic.
-
ftp—Enable incoming
FTP traffic.
-
ident-reset—Enable
the access that has been blocked by an unacknowledged identification
request.
-
http—Enable
incoming J-Web or clear-text Web authentication traffic.
-
https—Enable
incoming J-Web or Web authentication traffic over Secure Sockets Layer
(SSL).
-
ike—Enable Internet
Key Exchange traffic.
-
netconf SSH—Enable
incoming NetScreen Security Manager (NSM) traffic over SSH.
-
ping—Allow the
device to respond to ICMP echo requests.
-
rlogin—Enable
incoming rlogin (remote login) traffic.
-
rpm—Enable incoming
Real-time performance monitoring (RPM) traffic.
-
rsh—Enable incoming
Remote Shell (rsh) traffic.
-
snmp—Enable
incoming SNMP traffic (UDP port 161).
-
snmp-trap—Enable
incoming SNMP traps (UDP port 162).
-
ssh—Enable incoming
SSH traffic.
-
telnet—Enable
incoming Telnet traffic.
-
tftp—Enable
TFTP services.
-
traceroute—Enables
incoming traceroute traffic (UDP port 33434).
-
xnm-ssl— Enable
incoming JUNOScript-over-SSL traffic for all specified interfaces.
-
xnm-clear-text—Enable
incoming JUNOScript traffic for all specified interfaces.
-
except—(Optional) except can only be used if
all has been defined.
Usage Guidelines
For configuration instructions and
examples, see the JUNOS Software Security Configuration
Guide.
Required Privilege Level
security—To view this statement
in the configuration.
security-control—To
add this statement to the configuration.
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
