mode (Security Forwarding Options)
Syntax
mode (drop | flow-based | packet-based);
Hierarchy Level
[edit security forwarding-options family inet6]
Description
Specify forwarding options for IPv6 traffic.
Options
drop—Drop IPv6 packets. This is the default setting.flow-based—Perform flow-based packet forwarding.packet-based—Perform simple packet forwarding.Note:Packet-based processing is not supported on the following SRX Series Firewalls: SRX5400, SRX5600, and SRX5800.
Starting with Junos OS Release 15.1X49-D70, on SRX1500, SRX4100, SRX4200, SRX5400, SRX5600, SRX5800 devices, the default mode is changed from drop mode to flow based mode.
If you change the forwarding option mode for IPv6, you might have to perform a reboot to initialize the configuration change. Table 1 summarizes device status upon configuration change.
Starting with Junos OS Release 15.1X49-D70, on SRX5400, SRX5600, and SRX5800 devices, reboot is not required when you change the modes between flow-based mode and drop mode.
Configuration Change |
Commit Warning |
Reboot Required |
Impact on Existing Traffic Before Reboot |
Impact on New Traffic Before Reboot |
|---|---|---|---|---|
Drop to flow-based |
Yes |
Yes |
Dropped |
Dropped |
Drop to packet-based |
No |
No |
Packet-based |
Packet-based |
Flow-based to packet-based |
Yes |
Yes |
None |
Flow sessions created |
Flow-based to drop |
Yes |
Yes |
None |
Flow sessions created |
Packet-based to flow-based |
Yes |
Yes |
Packet-based |
Packet-based |
Packet-based to drop |
No |
No |
Dropped |
Dropped |
Required Privilege Level
security—To view this in the configuration.
security-control—To add this to the configuration.
Release Information
Support on SRX Series Firewalls for flow-based mode for family inet6 added in Junos OS Release 10.2.