 |
A firewall filter with a large number of terms can adversely affect both the configuration commit time and the performance of the Routing Engine. |
A stateless firewall filter can filter packets transiting the Services Router from a source to a destination, or packets originating from, or destined for, the Routing Engine. Stateless firewall filters applied to the Routing Engine interface protect the processes and resources owned by the Routing Engine.
You can apply a stateless firewall filter to an input or output interface, or to both. Every packet, including fragmented packets, is evaluated against stateless firewall filters.
All firewall filters contain one or more terms, and each term consists of two components—match conditions and actions. The match conditions define the values or fields that the packet must contain to be considered a match. If a packet is a match, the corresponding action is taken. By default, a packet that does not match a firewall filter is discarded.
|
A firewall filter with a large number of terms can adversely affect both the configuration commit time and the performance of the Routing Engine. |
For more information about firewall filters, see Configuring IPSec for Secure Packet Exchange and the JUNOS Policy Framework Configuration Guide. For more information about NAT, see the JUNOS Services Interfaces Configuration Guide.