Hi, In the ES version, there is a 1M-session potential bomb for J6530, according to the spec sheet.
Start from 9.4, there is no non-ES version JUNOS for J-series box. I am wondering if the command provided in KB can completely turns the ES version JUNOS into non-ES version. Which means make the J-router forgets there is a concept of "session". -- Michel~ On Mon, Apr 6, 2009 at 8:02 PM, Tim Eberhard <xmi...@gmail.com> wrote: > That KB is to turn Junos-ES into a router device.. > > the first part: > no-syn-check; > no-syn-check-in-tunnel; > no-sequence-check; > > Basically turns off *all* state full tcp. At that point you might as well be > using stateless acl's. > > The next portion is to disable the ALG's (application layer gateways). Again > if the end goal here is to use this device as a router, I agree with it. > > If you're trying to use the security{} options as a firewall then do *not* > follow that KB. > > Good luck, > -Tim Eberhard _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp