Name
|
Modify the zone name.
|
Description
|
Modify the description of the zone.
|
Application Tracking
|
Enable this option to maintain the application usage statistics on a device.
By default, when each session closes, application tracking generates a message that provides the byte and packet counts and the duration of the session, and then sends the message to the syslog host device.
|
Interfaces
|
Select the interfaces from the Available column to include
in the selected list for the zones.
|
System Services
|
Is Except
|
Select this option to disable specific incoming system service traffic, but only when the all system services option is defined.
The following system services are supported:
all—Enable traffic from the defined system services available on the Routing Engine (RE). Use the Is Except option to disallow specific system services.
any-service—Enable all system services on the entire port range including the system services that are not defined.
dns—Enable incoming DNS services.
finger—Enable incoming finger traffic.
ftp—Enable incoming FTP traffic.
http—Enable incoming Web authentication traffic.
https—Enable incoming Web authentication traffic over Secure Sockets Layer (SSL).
ident-reset—Enable the access that has been blocked by an unacknowledged identification request.
ike—Enable Internet Key Exchange (IKE) traffic.
lsping—Enable label switched path ping service.
netconf—Enable incoming NETCONF service.
ntp—Enable incoming Network Time Protocol (NTP) traffic.
ping—Allow the device to respond to ICMP echo requests.
r2cp—Enable incoming Radio Router Control Protocol traffic.
reverse-ssh—Reverse SSH traffic.
reverse-telnet—Reverse Telnet traffic.
rlogin—Enable incoming rlogin (remote login) traffic.
rpm—Enable incoming real-time performance monitoring (RPM) traffic.
rsh—Enable incoming remote shell (rsh) traffic.
sip—Enable incoming Session Initiation Protocol traffic.
snmp—Enable incoming SNMP traffic (UDP port 161).
snmp-trap—Enable incoming SNMP traps (UDP port 162).
ssh—Enable incoming SSH traffic.
telnet—Enable incoming Telnet traffic.
tftp—Enable TFTP services.
traceroute—Enable incoming traceroute traffic (UDP port 33434).
xnm-clear-text—Enable incoming Junos XML protocol traffic for all specified interfaces.
xnm-ssl—Enable incoming Junos XML protocol-over-SSL traffic for all specified interfaces.
|
Protocols
|
Is Except
|
Select this option to disable specific incoming protocol traffic, but only when the all protocol option is defined.
The following protocols are supported:
all—Enable traffic from all possible protocols available. Use the Is Except option to disallow specific protocols.
bfd—Enable incoming Bidirectional Forwarding Detection (BFD) protocol traffic.
bgp—Enable incoming BGP traffic.
dvmrp—Enable incoming Distance Vector Multicast Routing Protocol (DVMRP) traffic.
igmp—Enable incoming Internet Group Management Protocol (IGMP) traffic.
ldp—Enable incoming LDP traffic (UDP and TCP port 646).
msdp—Enable incoming Multicast Source Discovery Protocol (MSDP) traffic.
nhrp—Enable incoming Next Hop Resolution Protocol (NHRP) traffic.
ospf—Enable incoming OSPF traffic.
ospf3—Enable incoming OSPF version 3 traffic.
pgm—Enable incoming Pragmatic General Multicast (PGM) protocol traffic (IP protocol number 113).
pim—Enable incoming Protocol Independent Multicast (PIM) traffic.
rip—Enable incoming RIP traffic.
ripng—Enable incoming RIP next generation traffic.
router-discovery—Enable incoming router discovery traffic.
rsvp—Enable incoming RSVP traffic (IP protocol number 46).
sap—Enable incoming Session Announcement Protocol (SAP) traffic. SAP always listens on 224.2.127.254:9875. New addresses and ports can be added dynamically. This information must be propagated to the Packet Forwarding Engine (PFE).
vrrp—Enable incoming Virtual Router Redundancy Protocol (VRRP) traffic.
|
Traffic Control Options
|
TCP Rst
|
Enable this option to send a TCP packet with the RST (reset) flag set to 1 in response to a TCP packet that has any flag other than SYN set and that does not belong to an existing session.
|
Screen
|
Select a security screen for a security zone to detect and block various kinds of traffic that the device determines to be potentially harmful.
|
Interface Services and Protocols
|
Display the selected interfaces and system services and
protocols for the interface.
|
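The System Services "Is Except" rule described above can be checked offline against an exported configuration. The following is an added example, not part of the original page or of any vendor tooling: it computes the system services each zone actually accepts and lists the unencrypted ones. It assumes the zone settings are available as Junos `set`-format CLI lines (a format this page does not show); the `CLEARTEXT` classification and the sample configuration are this example's own constructions.

```python
import re

# System services named on this page; any-service is handled separately.
SYSTEM_SERVICES = {
    "dns", "finger", "ftp", "http", "https", "ident-reset", "ike", "lsping",
    "netconf", "ntp", "ping", "r2cp", "reverse-ssh", "reverse-telnet",
    "rlogin", "rpm", "rsh", "sip", "snmp", "snmp-trap", "ssh", "telnet",
    "tftp", "traceroute", "xnm-clear-text", "xnm-ssl",
}
# Assumption of this example: services treated as unencrypted and worth review.
CLEARTEXT = {"finger", "ftp", "http", "reverse-telnet", "rlogin", "rsh",
             "telnet", "tftp", "xnm-clear-text"}
LINE = re.compile(r"^set security zones security-zone (\S+) "
                  r"host-inbound-traffic system-services (\S+)( except)?$")
PREFIX = "set security zones security-zone {} host-inbound-traffic system-services {}"
# Constructed sample configuration (not taken from any real device).
SAMPLE = "\n".join(PREFIX.format(z, s) for z, s in [
    ("trust", "all"), ("trust", "telnet except"), ("trust", "ftp except"),
    ("untrust", "ike"), ("untrust", "ping"),
    ("dmz", "ssh"), ("dmz", "telnet except"),  # except without "all"
])

def effective_services(config_text):
    """Return {zone: set of system services the zone accepts}."""
    listed, excepted, has_all = {}, {}, set()
    for raw in config_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        zone, svc, is_except = m.groups()
        listed.setdefault(zone, set())
        excepted.setdefault(zone, set())
        if svc == "all":
            has_all.add(zone)
        elif is_except:
            excepted[zone].add(svc)
        else:
            listed[zone].add(svc)
    # Is Except only takes effect when "all" is defined, as the page states.
    return {z: (SYSTEM_SERVICES - excepted[z]) | listed[z] if z in has_all
            else set(listed[z]) for z in listed}

def audit(config_text):
    """Return {zone: sorted risky services} for zones that expose any."""
    risky = {z: sorted(s for s in svcs if s in CLEARTEXT or s == "any-service")
             for z, svcs in effective_services(config_text).items()}
    return {z: r for z, r in risky.items() if r}
```

On the sample, `audit(SAMPLE)` reports only the `trust` zone: excepting telnet and ftp from `all` still leaves finger, http, reverse-telnet, rlogin, rsh, tftp and xnm-clear-text enabled.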