Log in to ask questions, share your expertise, or stay connected to content you value. Don’t have a login? Learn how to become a member.
I have a hard time finding any definitive information on what exact features work / exist in packet mode (set security forwarding-options family mpls mode packet-based).
Security policies / NAT are of course not working, but what about zones? Do they exist? What else is still there? Or better: what is NOT working with packet-based mode?
Regards,
Pawel Mazurkiewicz
In packet mode, SRX processes the traffic as a traditional router on a per-packet basis. It supports only stateless firewall filter in this mode. Other firewall features like security zones, stateful firewall, NAT, IPSec, UTM services will not be supported in this mode.
https://kb.juniper.net/InfoCenter/index?page=content&id=KB30461
https://www.youtube.com/watch?v=YYHxcT8ZYiE
Everything under the security stanza does not work in packet-mode:
security policies, NAT, IPsec VPN, zones, screens, ALGs and security features like IPS, UTM and Sky ATP.
I guess macsec would work. 😉 - but I know what you mean.
Thanks Jonas!