Loading the Stateful Firewall Plug-In

As of JUNOS Release 9.5, a stateful firewall plug-in is provided as part of the jbundle package. To load this plug-in on the PIC, include the package jservices-sfw statement at the [edit chassis fpc slot-number pic slot-number adaptive-services service-package extension-provider] hierarchy level. For example:

user@host# show chassis

fpc 0 {
    pic 2 {
        adaptive-services {
            service-package {
                extension-provider {
                    control-cores 1;
                    data-cores 4;
                    object-cache-size 128;
                    package jservices—sfw; #Loads stateful firewall plug-in.
                    policy-db-size 64;
                }
            }
        }
    }
}

You can load both the jservices-sfw package and a JUNOS SDK application package on the same PIC.

The following example demonstrates the stateful firewall plug-in coexisting with a provider’s plug-in:

[edit services]service-set sset {interface-service {service-interface ms-0/0/0.0;}stateful-firewall-rules rule1;extension-service customer-plugin;service-order [stateful-firewall customer-plugin];}stateful-firewall {rule rule1 {match-direction input-output;term term1 {from {applications junos-ftp;}then {accept;}}}rule rule2 {match-direction input;term term1 {from {source-address {192.1.1.2/32;}then {reject;syslog;}}}}}

Loading the Stateful Firewall Plug-In

Related Topics