
rule

See the following sections:

rule (Destination NAT)

Syntax

rule rule-name {
    match {
        destination-address destination-address;
        destination-port port-number;
        source-address [source-address];
    }
    then {
        destination-nat (off | pool pool-name);
    }
}

Hierarchy Level

[edit security nat destination rule-set rule-set-name]

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Define a destination NAT rule.

This statement is supported on SRX-series devices.

Options

rule-name —Name of the destination NAT rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

rule (Exempt Rulebase)

Syntax

rule rule-name {
    description text;
    match {
        attacks {
            custom-attacks [ attack-name ];
            predefined-attack-groups [ attack-name ];
            predefined-attacks [ attack-name ];
        }
        destination-address [ address-name ];
        destination-except [ address-name ];
        from-zone zone-name;
        source-address [ address-name ];
        source-except [ address-name ];
        to-zone zone-name;
    }
}

Hierarchy Level

[edit security idp idp-policy policy-name rulebase-exempt]

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Specify an exempt rule to create, modify, delete, and reorder the rules in a rulebase.

This statement is supported on SRX-series devices.

Options

rule-name —Name of the exempt rulebase rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

rule (IPS Rulebase)

Syntax

rule rule-name {
    description text;
    match {
        attacks {
            custom-attacks [ attack-name ];
            predefined-attack-groups [ attack-name ];
            predefined-attacks [ attack-name ];
        }
        destination-address [ address-name ];
        destination-except [ address-name ];
        from-zone zone-name;
        source-address [ address-name ];
        source-except [ address-name ];
        to-zone zone-name;
    }
    terminal;
    then {
        action {
            (close-client | close-client-and-server | close-server |
            drop-connection | drop-packet | ignore-connection |
            mark-diffserv value | no-action | recommended);
        }
        ip-action {
            (ip-block | ip-close | ip-notify);
            log;
            target (destination-address | service | source-address |
            source-zone | zone-service);
            timeout seconds;
        }
        notification {
            log-attacks {
                alert;
            }
        }
        severity (critical | info | major | minor | warning);
    }
}

Hierarchy Level

[edit security idp idp-policy policy-name rulebase-ips]

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Specify an IPS rule to create, modify, delete, and reorder the rules in a rulebase.

This statement is supported on SRX-series devices.

Options

rule-name —Name of the IPS rulebase rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.
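The IPS and exempt rule syntaxes above, filled in as one policy at the [edit security idp] level. This is an added example, not taken from the JUNOS documentation: the policy, rule, address-book and custom-attack names are hypothetical, the zone names trust and untrust and the 300-second timeout are constructed values, and only statements shown in the two Syntax sections are used.

```junos
idp-policy EXAMPLE-POLICY {
    rulebase-ips {
        rule block-example-attack {
            description "Drop and block sources of a custom attack";
            match {
                from-zone untrust;
                source-address any;
                to-zone trust;
                destination-address EXAMPLE-WEB-SERVER;
                attacks {
                    custom-attacks EXAMPLE-CUSTOM-ATTACK;
                }
            }
            then {
                action {
                    drop-connection;
                }
                /* constructed values: act on the source address for 300 seconds */
                ip-action {
                    ip-block;
                    log;
                    target source-address;
                    timeout 300;
                }
                notification {
                    log-attacks {
                        alert;
                    }
                }
                severity major;
            }
        }
    }
    rulebase-exempt {
        /* match conditions only: the exempt rule syntax has no then block */
        rule exempt-example-scanner {
            description "Exempt the authorised scanner from the custom attack";
            match {
                from-zone untrust;
                source-address EXAMPLE-SCANNER;
                to-zone trust;
                destination-address EXAMPLE-WEB-SERVER;
                attacks {
                    custom-attacks EXAMPLE-CUSTOM-ATTACK;
                }
            }
        }
    }
}
```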

rule (Source NAT)

Syntax

rule rule-name {
    match {
        destination-address [destination-address];
        source-address [source-address];
    }
    then {
        source-nat (off | interface | pool pool-name);
    }
}

Hierarchy Level

[edit security nat source rule-set rule-set-name]

Release Information

Statement introduced in Release 9.2 of JUNOS software.

Description

Define a source NAT rule.

This statement is supported on SRX-series devices.

Options

rule-name —Name of the source NAT rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

rule (Static NAT)

Syntax

rule rule-name {
    match {
        destination-address [destination-address];
    }
    then {
        static-nat prefix <addr-prefix>
            <routing-instance routing-instance-name>;
    }
}

Hierarchy Level

[edit security nat static rule-set rule-set-name]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Define a static NAT rule.

This statement is supported on SRX-series devices.

Options

rule-name —Name of the static NAT rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

