
CLI Configuration

To configure the ABC zone to allow use of all of the supported application services as inbound services, enter the following statements in Configure mode:

user@host# set security zones security-zone ABC host-inbound-traffic system-services all

In the following example, FTP and telnet are enabled for interfaces ge-0/0/1.3 and ge-0/0/1.1, respectively. You must configure FTP and telnet at the interface level, not the zone level. For incoming FTP and telnet requests to be recognized, the interface must be known to the server.

user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services ftp
user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services telnet

In the following example, FTP and telnet are enabled for interface ge-0/0/1.3 and only SNMP is enabled for interface ge-0/0/1.1.

user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services ftp
user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services telnet
user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services snmp

You can use the all option to allow all configurable system services and use the except option to exclude certain services. In this example, all configurable system services are permitted on interface ge-0/0/1.3, except Telnet.

user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services all
user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services telnet except

In the following example, all configurable system services are permitted on interface ge-0/0/1.1, except HTTP and FTP.

user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services all
user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services http except
user@host# set security zones security-zone ABC interfaces ge-0/0/1.1 host-inbound-traffic system-services ftp except

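In the following example, telnet and FTP are enabled at the zone level for security zone ABC and therefore apply to interface ge-0/0/1.1. Interface ge-0/0/1.3 has its own host-inbound-traffic configuration, which overrides the zone-level setting and takes priority, so only SNMP is allowed on interface ge-0/0/1.3.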

user@host# set security zones security-zone ABC host-inbound-traffic system-services telnet
user@host# set security zones security-zone ABC host-inbound-traffic system-services ftp
user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services snmp

If you are finished configuring the device, commit the configuration.

Another view of the previous configuration:

security {
	zones {
		security-zone ABC {
			host-inbound-traffic {
				system-services {
					telnet;
					ftp;
				}
			}
			interfaces {
				ge-0/0/1.1;
				ge-0/0/1.3 {
					host-inbound-traffic {
						system-services {
							snmp;
						}
					}
				}
			}
		}
	}
}
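
The override and all/except rules described above can be checked mechanically before a commit. The following Python code is an added example, not part of the JUNOS documentation: it parses `set security zones` statements like those on this page, resolves the effective host-inbound services for each interface (an interface-level list replaces the zone-level list; `all` is reduced by any `except` entries), and reports interfaces where telnet, FTP or HTTP remain reachable. The function names, the CLEARTEXT set and the bare `interfaces ge-0/0/1.1` binding line in the sample are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed input: the page's override example plus a bare binding for ge-0/0/1.1.
SAMPLE = """\
user@host# set security zones security-zone ABC host-inbound-traffic system-services telnet
user@host# set security zones security-zone ABC host-inbound-traffic system-services ftp
user@host# set security zones security-zone ABC interfaces ge-0/0/1.1
user@host# set security zones security-zone ABC interfaces ge-0/0/1.3 host-inbound-traffic system-services snmp
"""

LINE = re.compile(
    r"set security zones security-zone (?P<zone>\S+)"
    r"(?: interfaces (?P<ifc>\S+))?"
    r"(?: host-inbound-traffic system-services (?P<svc>\S+)(?P<exc> except)?)?\s*$")
CLEARTEXT = {"telnet", "ftp", "http"}  # assumption: services this audit flags

def parse(text):
    """Map zone -> scope -> {'allow', 'except'}; scope None is the zone level."""
    zones = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if m:
            scope = zones[m["zone"]].setdefault(m["ifc"], {"allow": set(), "except": set()})
            if m["svc"]:
                scope["except" if m["exc"] else "allow"].add(m["svc"])
    return zones

def effective(zones, zone, ifc):
    """Interface-level services, when configured, replace the zone-level list."""
    empty = {"allow": set(), "except": set()}
    own = zones[zone].get(ifc, empty)
    own_set = bool(own["allow"] or own["except"])
    src = own if own_set else zones[zone].get(None, empty)
    return {"source": "interface" if own_set else "zone", "except": set(src["except"]),
            "all": "all" in src["allow"], "allow": src["allow"] - {"all"} - src["except"]}

def cleartext_exposure(text):
    """Return (zone, interface, source, services) where cleartext services stay reachable."""
    zones, out = parse(text), []
    for zone in sorted(zones):
        for ifc in sorted(s for s in zones[zone] if s is not None):
            eff = effective(zones, zone, ifc)
            pool = CLEARTEXT if eff["all"] else eff["allow"] & CLEARTEXT
            hits = sorted(pool - eff["except"])
            if hits:
                out.append((zone, ifc, eff["source"], hits))
    return out

print(cleartext_exposure(SAMPLE))
```

For the sample, ge-0/0/1.1 is reported because it inherits telnet and FTP from the zone, while ge-0/0/1.3 is not reported because its interface-level SNMP list replaces the zone-level services.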

For more information on host-inbound traffic parameters, see the JUNOS Software CLI Reference.

