Upload
son-tran-hong-nam
View
2
Download
1
Embed Size (px)
DESCRIPTION
srx packet mode
Citation preview
SRX packet modeJunOS can have two modes which are Flow and Packet mode in the following devices;
J-series services routers (I think after 9.3 version). This is also called junos enhanced services (junos-es)
SRX security devices
In default configuration SRX devices work in flow mode by which security policies are in place and unless otherwise allowed, packets are dropped i.e it works as a firewall device. What if you want to configure SRX as a router only device for this you should change from flow mode to packet mode as below.
123456
root@srx# show security forwarding-optionsfamily { mpls { mode packet-based; }}
or as SET command
1 #set security forwarding-options family mpls mode packet-based
For this config to commit properly, you must deactive/remove security policies otherwise you will receive the following warning;
1 root@host# show
root@srx# show security forwfamily { mpls { mode packet-based;
#set security forw arding-option
root@host# show#### Warning: MPLS mode packet##
234567
#### Warning: MPLS mode packet-based not allowed when [security policies] are configured.##mpls { mode packet-based;}
Commit the config and reboot the device as this is required
12
#commit>request system reboot
To check the flow mode after the reboot;
12345678910111213
root@srx> show security flow status Flow forwarding mode: Inet forwarding mode: packet based <<<<<<--Now we are working as a router Inet6 forwarding mode: drop MPLS forwarding mode: packet based ISO forwarding mode: drop Flow trace status Flow tracing status: off Flow session distribution Distribution mode: RR-based Flow ipsec performance acceleration: off Flow packet ordering Ordering mode: Hardware
#commit>request system reboot
root@srx> show security f low Flow forw arding mode: Inet forw arding mode: packet Inet6 forw arding mode: drop