Example: Service Interfaces Configuration

The following configuration includes all the items necessary to configure services on an interface. For examples showing individual service configurations, see the chapters that describe each service in detail.

[edit]interfaces {fe-0/1/0 {unit 0 {family inet {service {input {service-set Firewall-Set;}output {service-set Firewall-Set;}}address 10.1.3.2/24;}}}fe-0/1/1 {unit 0 {family inet {filter {input Sample;}address 172.16.1.2/24;}}}sp-1/0/0 {unit 0 {family inet {address 172.16.1.3/24 {}}}}}forwarding-options {sampling {input {family inet {rate 1;}}output {cflowd 10.1.3.1 {port 2055;version 5;}flow-inactive-timeout 15;flow-active-timeout 60;interface sp-1/0/0 {engine-id 1;engine-type 136;source-address 10.1.3.2;}}}}firewall {filter Sample {term Sample {then {count Sample;sample;accept;}}}}services {stateful-firewall {rule Rule1 {match-direction input;term 1 {from {application-sets Applications;}then {accept;}}term accept {then {accept;}}}rule Rule2 {match-direction output;term Local {from {source-address {10.1.3.2/32;}}then {accept;}}}}ids {rule Attacks {match-direction output;term Match {from {application-sets Applications;}then {logging {syslog;}}}}}nat {pool public {address-range low 172.16.2.1 high 172.16.2.32;port automatic;}rule Private-Public {match-direction input;term Translate {then {translated {source-pool public;translation-type source dynamic;}}}}}service-set Firewall-Set {stateful-firewall-rules Rule1;stateful-firewall-rules Rule2;nat-rules Private-Public;ids-rules Attacks;interface-service {service-interface sp-1/0/0;}}}applications {application ICMP {application-protocol icmp;}application FTP {application-protocol ftp;destination-port ftp;}application-set Applications {application ICMP;application FTP;}}
Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.