Configuring Service Rules

You specify the collection of rules and rule sets that constitute the service set. The router performs rule sets in the order in which they appear in the configuration. You can include only one rule set for each service type. You configure the rule names and content for each service type at the [edit services name] hierarchy level for each type:

• You configure intrusion detection service (IDS) rules at the [edit services ids] hierarchy level; for more information, see Intrusion Detection Service Configuration Guidelines.
• You configure IP Security (IPSec) rules at the [edit services ipsec-vpn] hierarchy level; for more information, see IPSec Services Configuration Guidelines.
• You configure Network Address Translation (NAT) rules at the [edit services nat] hierarchy level; for more information, see Network Address Translation Services Configuration Guidelines.
• You configure Packet Gateway Control Protocol (PGCP) rules at the [edit services pgcp] hierarchy level; for more information, see Packet Gateway Configuration Guidelines.
• You configure stateful firewall rules at the [edit services stateful-firewall] hierarchy level; for more information, see Stateful Firewall Services Configuration Guidelines.

To configure the rules and rule sets that constitute a service set, include the following statements at the [edit services service-set service-set-name] hierarchy level:

For each service type, you can include one or more individual rules, or one rule set.

If you configure a service set with IPSec rules, it must not contain rules for any other services. You can, however, configure another service set containing rules for the other services and apply both service sets to the same interface.