Navigation
Services Configuration Procedure
You follow these general steps to configure services:
- Define application objects by configuring statements at the [edit applications] hierarchy level.
- Define service rules by configuring statements at the [edit services (ids | ipsec-vpn | nat | stateful-firewall) rule] hierarchy level.
- Group the service rules by configuring the rule-set statement at the [edit services (ids | ipsec-vpn | nat | stateful-firewall)] hierarchy level.
- Group service rule sets under a service-set definition by configuring the service-set statement at the [edit services] hierarchy level.
- Apply the service set on an interface by including the service-set statement at the [edit interfaces interface-name unit logical-unit-number family inet service (input | output)] hierarchy level. Alternatively,
you can configure logical interfaces as a next-hop destination by
including the next-hop-service statement at the [edit services service-set service-set-name] hierarchy
level.
Note: You can configure IDS, NAT, and stateful firewall service rules within the same service set. You must configure IPsec services in a separate service set, although you can apply both service sets to the same PIC.
