Skip to content

Support



Juniper was the first North American IP routing vendor to achieve the prestigious TL 9000 certification by the Quality of Excellence for Suppliers of Telecommunications (QuEST) Forum in the router category, for design, development, provision and service and support.



What is J-Care?

It's the world-class service and support that you expect from a company that delivers the industry's best infrastructure and security products. With J-Care, you now have the confidence knowing that Juniper will do our part to keep you on top of the world!


Understanding How Firewall Filters Test a Packet's Protocol

When examining match conditions, JUNOS software for EX-series switches tests only the field that is specified. The software does not implicitly test the IP header to determine whether a packet is an IP packet. Therefore, in some cases, you should specify protocol field match conditions in conjunction with other match conditions to ensure that the filters are performing the expected matches.

If you specify a protocol match condition or a match of the ICMP type or TCP flags field, there is no implied protocol match. For the following match conditions, you should explicitly specify the protocol match condition in the same term:

  • destination-port—Specify the match protocol tcp or protocol udp.
  • source-port—Specify the match protocol tcp or protocol udp.

If you do not specify the protocol when using the preceding fields, design your filters carefully to ensure that they perform the expected matches. For example, if you specify a match of destination-port ssh, the switch deterministically matches any packets that have a value of 22 in the two-byte field that is two bytes beyond the end of the IP header without ever checking the IP protocol field.