[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]
system-services
See the following sections:
system-services (Interface Host-Inbound Traffic)
Syntax
- system-services {
-
service-name
;
-
service-name
<except>;
- }
Hierarchy Level
- [edit security zones security-zone
zone-name
interfaces
interface-name
host-inbound-traffic]
Release Information
Statement introduced in Release 8.5 of JUNOS software.
Description
Specify the types of traffic that can reach the device on a particular interface.
This statement is supported on J-series and SRX-series devices.
Options
-
service-name
—Service for which traffic is allowed. The following services are supported:
-
all—Enable all possible system services available on the Routing Engine (RE).
-
any-service—Enable services on entire port range.
-
bootp—Enables traffic destined to BOOTP and DHCP relay agents.
-
dhcp—Enable incoming DHCP requests.
-
dns—Enable incoming DNS services.
-
finger—Enable incoming finger traffic.
-
ftp—Enable incoming FTP traffic.
-
ident-reset—Enable the access that has been blocked by an unacknowledged identification request.
-
http—Enable incoming J-Web or clear-text Web authentication traffic.
-
https—Enable incoming J-Web or Web authentication traffic over Secure Sockets Layer (SSL).
-
ike—Enable Internet Key Exchange traffic.
-
netconf SSH—Enable incoming NetScreen Security Manager (NSM) traffic over SSH.
-
ping—Allow the device to respond to ICMP echo requests.
-
rlogin—Enable incoming rlogin (remote login) traffic.
-
rpm—Enable incoming real-time performance monitoring (RPM) traffic.
-
rsh—Enable incoming Remote Shell (rsh) traffic.
-
snmp—Enable incoming SNMP traffic (UDP port 161).
-
snmp-trap—Enable incoming SNMP traps (UDP port 162).
-
ssh—Enable incoming SSH traffic.
-
telnet—Enable incoming Telnet traffic.
-
tftp—Enable TFTP services.
-
traceroute—Enable incoming traceroute traffic (UDP port 33434).
-
xnm-ssl— Enable incoming JUNOScript-over-SSL traffic for all specified interfaces.
-
xnm-clear-text—Enable incoming JUNOScript traffic for all specified interfaces.
-
except—(Optional) except can only be used if all has been defined.
Usage Guidelines
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
system-services (Zone Host-Inbound Traffic)
Syntax
- system-services {
-
service-name
;
-
service-name
<except>;
- }
Hierarchy Level
- [edit security zones security-zone
zone-name
host-inbound-traffic]
Release Information
Statement introduced in Release 8.5 of JUNOS software.
Description
Specify the types of traffic that can reach the device for all interfaces in a zone.
This statement is supported on J-series and SRX-series devices.
Options
-
service-name
—Service for which traffic is allowed. The following services are supported:
-
all—Enable all possible system services available on the Routing Engine (RE).
-
any-service—Enable services on entire port range.
-
bootp—Enables traffic destined to BOOTP and DHCP relay agents.
-
dhcp—Enable incoming DHCP requests.
-
dns—Enable incoming DNS services.
-
finger—Enable incoming finger traffic.
-
ftp—Enable incoming FTP traffic.
-
ident-reset—Enable the access that has been blocked by an unacknowledged identification request.
-
http—Enable incoming J-Web or clear-text Web authentication traffic.
-
https—Enable incoming J-Web or Web authentication traffic over Secure Sockets Layer (SSL).
-
ike—Enable Internet Key Exchange traffic.
-
netconf SSH—Enable incoming NetScreen Security Manager (NSM) traffic over SSH.
-
ping—Allow the device to respond to ICMP echo requests.
-
rlogin—Enable incoming rlogin (remote login) traffic.
-
rpm—Enable incoming Real-time performance monitoring (RPM) traffic.
-
rsh—Enable incoming Remote Shell (rsh) traffic.
-
snmp—Enable incoming SNMP traffic (UDP port 161).
-
snmp-trap—Enable incoming SNMP traps (UDP port 162).
-
ssh—Enable incoming SSH traffic.
-
telnet—Enable incoming Telnet traffic.
-
tftp—Enable TFTP services.
-
traceroute—Enables incoming traceroute traffic (UDP port 33434).
-
xnm-ssl— Enable incoming JUNOScript-over-SSL traffic for all specified interfaces.
-
xnm-clear-text—Enable incoming JUNOScript traffic for all specified interfaces.
-
except—(Optional) except can only be used if all has been defined.
Usage Guidelines
For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
[
Contents]
[
Prev]
[
Next]
[
Index]
[
Report an Error]