09-30-2009 04:22 AM
I understand that the J-Series simulates the AS PIC as a software process, but here is my problem (which will be me not understanding).
I have access to a j4350 running 8.5 Enhanced Services, and when I do a show interface terse, I do not see the sp interface listed (although I can create it). Also, I dont seem to have a services hierarchy which all the training documents reference, only a security hierarchy (which I thought only came with the ASM) which does not include statefull firewall setup.
If anyone can shed any light on what I should expect to see and when, I would be very grateful. I am moving over from Cisco to Juniper and am trying to grasp the concept of services and services sets.
09-30-2009 08:27 AM
The AS PIC is not emulated when running the Enhanced Services version of JunOS. If you move the regular version of JunOS for the J-series then the AS PIC is emulated and all of the pseudo interfaces appear. 9.3 is the last release of regular JunOS for J-series. Subsequent releases will all be Enhanced Services
09-30-2009 02:26 PM
Not really certain how that is accomplished in the Enhanced Services version of software. I'm still only running the non-ES software.
10-07-2009 11:25 PM
Enhanced Services version is stateful firewall by default. You do not configure service-sets as such. In fact Enhanced Services version moves all services (nat, ipsec, stateful firewall) to security hierarchy. So you would need to put all interfaces within a security zone and apply security policies between zones. I would recommend reviewing J-Series Security Guides from here.