Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

With SUNRPC ALG enabled, what services are required in a policy to permit NFS traffic?

0

0

Article ID: KB11138 KB Last Updated: 23 Jun 2010Version: 4.0
Summary:
When the NFS clients and NFS servers are located in different zones of a ScreenOS device, a  policy to allow NFS traffic is required. A few choices of how to configure the "service" in a policy are described below.
Symptoms:
Questions:
  • How do you configure a policy to permit NFS traffic?
  • With SUNRPC ALG enabled, what services are required in a policy to permit NFS traffic?
Solution:
To permit NFS traffic, there are a couple of choices to configure a policy, depending on the type of traffic you want to permit:
Example 1 - all Sun RPC traffic - The service "SUN-RPC-ANY" in the policy will permit all Sun RPC traffic.

Example 2 - only NFS traffic - If only NFS traffic is required, then both service  "SUN-RPC-NFS" and "SUN-RPC-MOUNTD" are required in the policy.

Example1:  All Sun RPC traffic, including NFS is permitted.
set policy id 1 from "Untrust" to "Trust"  "nfs_clients" "nfs_servers" "SUN-RPC-ANY" permit log
   
Example2:  Only NFS is permitted.
set policy id 1 from "Untrust" to "Trust"  "nfs_clients" "nfs_servers" "SUN-RPC-MOUNTD" permit log
set policy id 1
set service "SUN-RPC-NFS"
exit


Note:  For more information related to ScreenOS and NFS, refer to the Related Links section below.
 

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search