Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Junos OS Features Supported in cSRX for Contrail HBF

cSRX Container Firewall provides Layer 4 through 7 secure services for a Contrail HBF in a containerized environment.Table 1 provides a high-level summary of the security features supported on cSRX.

To determine the Junos OS features supported on cSRX, use the Juniper Networks Feature Explorer, a Web-based application that helps you to explore and compare Junos OS feature information to find the right software release and hardware platform for your network. See Feature Explorer.

Table 1: Security Features Supported on cSRX Container Firewall HBF

Security Features

Considerations

Application Tracking (AppTrack)

Understanding AppTrack

Application Firewall (AppFW)

Application Firewall Overview

Application Identification (AppID)

Understanding Application Identification Techniques

Basic Firewall Policy

Understanding Security Basics

Brute force attack mitigation

DoS/DDoS protection

DoS Attack Overview

DoS Attack Overview

Intrusion Prevention System (IPS)

For SRX Series IPS configuration details, see:

Understanding Intrusion Detection and Prevention for SRX Series

IPv4

Understanding IPv4 Addressing

Interfaces

Supports two revenue (ge) interfaces.

Out-of-band management Interface (eth0

In-band interfaces (ge-0/0/0 to ge-0/0/1)

Jumbo Frames

Understanding Jumbo Frames Support for Ethernet Interfaces

SYN cookie protection

Understanding SYN Cookie Protection

Malformed packet protection

Routing

Supports secure-wire mode forwarding only.

Content Security

Includes support for all Content Security functionality on the cSRX platform, such as:

  • Antispam

  • Sophos Antivirus

  • Web filtering

  • Content filtering

For SRX Series Content Security configuration details, see:

Unified Threat Management Overview

For SRX Series Content Security antispam configuration details, see:

Antispam Filtering Overview

User Firewall

Includes support for all user firewall functionality on the cSRX platform, such as:

  • Policy enforcement with matching source identity criteria

  • Logging with source identity information

  • Integrated user firewall with active directory

  • Local authentication

For SRX Series user firewall configuration details, see:

Overview of Integrated User Firewall

Zones and Zone based IP spoofing

Understanding IP Spoofing