There used to be the following hidden command up to 8.5ES to switch back:

set security forwarding-options family inet mode packet-based

Looking at a v9.0ES box, it looks like packet-based is now available only for iso, inet6 and mpls.



On 08/04/2009, at 2:20 AM, Michel de Nostredame wrote:

Hi,

In the ES version, there is a 1M-session potential bomb for J6530,
according to the spec sheet.

Starting from 9.4, there is no non-ES version JUNOS for J-series box. I
am wondering if the command provided in KB can completely turn the ES
version JUNOS into non-ES version. Which means make the J-router
forget there is a concept of "session".

--
Michel~


On Mon, Apr 6, 2009 at 8:02 PM, Tim Eberhard <xmi...@gmail.com> wrote:
That KB is to turn Junos-ES into a router device.

the first part:
           no-syn-check;
           no-syn-check-in-tunnel;
           no-sequence-check;

Basically turns off *all* stateful TCP. At that point you might as well be
using stateless ACLs.

The next portion is to disable the ALGs (application layer gateways). Again if the end goal here is to use this device as a router, I agree with it.

If you're trying to use the security{} options as a firewall then do *not*
follow that KB.

Good luck,
-Tim Eberhard
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
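
Added example, not part of the original thread or of the KB it discusses: a small Python check that scans a brace-style Junos configuration for the three statements quoted above and reports where they are active, so a box meant to act as a firewall can be audited for them. The sample configuration is constructed, and its security/flow/tcp-session placement is an assumption, since the thread shows the statements without their parent hierarchy.

```python
import re

# The three statements quoted in the thread; each switches off a stateful TCP check.
STATELESS_KNOBS = {"no-syn-check", "no-syn-check-in-tunnel", "no-sequence-check"}

# Constructed sample input (hierarchy placement is an assumption, see lead-in).
SAMPLE_CONFIG = """
security {
    flow {
        tcp-session {
            no-syn-check;                     ## active
            inactive: no-syn-check-in-tunnel; ## deactivated, must not be reported
            no-sequence-check;
        }
    }
}
"""

def find_stateless_knobs(config_text):
    """Return [(hierarchy_path, statement)] for knobs that are in effect."""
    findings = []
    stack = []  # entries: (block name, block is marked inactive)
    for raw in config_text.splitlines():
        # Drop '#' and /* */ comments, then surrounding whitespace.
        line = re.sub(r"#.*|/\*.*?\*/", "", raw).strip()
        if not line:
            continue
        inactive = line.startswith("inactive:")
        if inactive:
            line = line[len("inactive:"):].strip()
        if line.endswith("{"):
            stack.append((line[:-1].strip(), inactive))
        elif line == "}":
            if stack:
                stack.pop()
        elif line.endswith(";"):
            stmt = line[:-1].strip()
            # A statement is dead if it or any enclosing block is inactive.
            dead = inactive or any(flag for _, flag in stack)
            if stmt in STATELESS_KNOBS and not dead:
                findings.append(("/".join(name for name, _ in stack), stmt))
    return findings

if __name__ == "__main__":
    for path, stmt in find_stateless_knobs(SAMPLE_CONFIG):
        print(f"stateful TCP check disabled: {path} {stmt}")
```

An empty result means none of the three statements is active in the parsed text; it says nothing about ALG settings or the forwarding mode.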
