
    Configuring Stateful Firewall Actions (SRC CLI)

    You can configure stateful firewall actions for Junos OS ASP policy rules. Stateful firewall actions specify the action to take on packets that match the classify-traffic condition.

    The type of action that you can create depends on the type of policy rule. See Policy Information Model.

    Use the following configuration statements to configure stateful firewall actions:

    policies group name list name rule name stateful-firewall { description description; }
    policies group name list name rule name stateful-firewall packet-action filter
    policies group name list name rule name stateful-firewall packet-action forward
    policies group name list name rule name stateful-firewall packet-action reject { message-type message-type; }
    policies group name list name rule name stateful-firewall packet-action parameter { action action; }

    To configure a stateful firewall action:

    1. From configuration mode, enter the stateful firewall action configuration.
      user@host# edit policies group junos list sfw rule pr stateful-firewall
    2. (Optional) Set the action to take on a packet to one of the following:
      • Filter.
        [edit policies group junos list sfw rule pr stateful-firewall]
        user@host# set packet-action filter
      • Forward.
        [edit policies group junos list sfw rule pr stateful-firewall]
        user@host# set packet-action forward
      • Reject. If you set the action to reject, configure the type of ICMP destination unreachable message sent to the client.
        [edit policies group junos list sfw rule pr stateful-firewall]
        user@host# set packet-action reject message-type message-type
      • Parameter. Before you assign a parameter, you must create a parameter of type packetOperation and commit the parameter configuration.
        [edit policies group junos list sfw rule pr stateful-firewall]
        user@host# set packet-action parameter action action
    3. (Optional) Enter a description for the stateful firewall action.
      [edit policies group junos list sfw rule pr stateful-firewall]
      user@host# set description description
    4. (Optional) Verify the stateful firewall action configuration.
      [edit policies group junos list sfw rule pr stateful-firewall]
      user@host# show
      packet-action {
        reject {
          message-type administratively-prohibited;
        }
      }
      description "Stateful firewall action";

    Modified: 2012-05-02