Stateful Firewall Services Configuration Guidelines

To configure stateful firewall services, include the stateful-firewall statement at the [edit services] hierarchy level:

[edit services]stateful-firewall {rule rule-name {match-direction (input | output | input-output);term term-name {from {application-sets set-name;applications [ application-names ];destination-address (address | any-unicast) <except>;destination-address-range low minimum-value high maximum-value <except>;destination-prefix-list list-name <except>;source-address (address | any-unicast) <except>;source-address-range low minimum-value high maximum-value <except>;source-prefix-list list-name <except>;}then {(accept | discard | reject);allow-ip-options [ values ];syslog;}}}rule-set rule-set-name {[ rule rule-names ];}}

This chapter contains the following sections:

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.