Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

system-services (Security Zones Interfaces)

Syntax

Hierarchy Level

Description

Specify the types of traffic that can reach the device on a particular interface.

Options

  • service-name —Service for which traffic is allowed. The following services are supported:

    • all—Enable all possible system services available on the Routing Engine (RE).

    • any-service—Enable services on entire port range.

    • bootp—Enable traffic destined to BOOTP and DHCP relay agents.

    • dhcp—Enable incoming DHCP requests.

    • dhcpv6—Enable incoming DHCP requests for IPv6.

    • dns—Enable incoming DNS services.

    • finger—Enable incoming finger traffic.

    • ftp—Enable incoming FTP traffic.

    • http—Enable incoming J-Web or clear-text Web authentication traffic.

    • https—Enable incoming J-Web or Web authentication traffic over Secure Sockets Layer (SSL).

    • ident-reset—Enable the access that has been blocked by an unacknowledged identification request.

    • ike—Enable Internet Key Exchange traffic.

    • netconf SSH—Enable incoming NetScreen Security Manager (NSM) traffic over SSH.

    • ntp—Enable incoming Network Time Protocol (NTP) traffic.

    • ping—Allow the device to respond to ICMP echo requests.

    • r2cp—Enable incoming Radio Router Control Protocol traffic.

    • reverse-ssh—Reverse SSH traffic.

    • reverse-telnet—Reverse Telnet traffic.

    • rlogin—Enable incoming rlogin (remote login) traffic.

    • rpm—Enable incoming real-time performance monitoring (RPM) traffic.

    • rsh—Enable incoming Remote Shell (rsh) traffic.

    • snmp—Enable incoming SNMP traffic (UDP port 161).

    • snmp-trap—Enable incoming SNMP traps (UDP port 162).

    • ssh—Enable incoming SSH traffic.

    • telnet—Enable incoming Telnet traffic.

    • tftp—Enable TFTP services.

    • traceroute—Enable incoming traceroute traffic (UDP port 33434).

    • xnm-clear-text—Enable incoming Junos XML protocol traffic for all specified interfaces.

    • xnm-ssl— Enable incoming Junos XML protocol-over-SSL traffic for all specified interfaces.

  • except—(Optional) except can only be used if all has been defined.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 8.5.

Related Documentation