TABLE OF CONTENTS As you may have already noticed, there is quite a lot you can do with firewall policies. In this chapter, we will cover some other functionalities that can be configured within policies and interfaces. One of the great strengths of the Juniper firewalls over other vendors is that you can configure many of the Juniper options on a very granular basis. This allows you to make specialized decisions regarding the firewall s behavior for specific conditions, as opposed to being forced to make broad decisions across the whole platform. We will specifically focus on traffic shaping, counting, and policy scheduling in this chapter. Other chapters will cover additional policy topics such as Network Address Translation, user authentication, and attack and prevention.
We will begin this chapter with a discussion of traffic shaping, which is also referred to as traffic management and quality of service ( QoS). This allows you to prioritize the traffic on your network, based upon specific criteria you define. Traffic shaping can be a very complex topic, which entire books have been dedicated to covering, but we will work to demystify this powerful tool, as well as give real-world examples to help you on your way to deploying it on your firewalls. We will then follow our traffic-shaping discussion with other advanced policy topics such as counting and scheduling. These tools can be invaluable in helping you configure top-notch functionality on your firewalls.
A common theme in modern networking is how to balance...
