
Firewall Filter on Juniper's EX-series Switches


Firewall filters provide rules that define whether to permit or deny packets transiting an interface on a switch or router from a source address to a destination address. They can be applied to ports, VLANs, or Layer 3 interfaces.

 

The following firewall filter types are supported for EX-series switches:
  • Port (Layer 2) firewall filter—Port firewall filters apply to Layer 2 switch ports. You can apply port firewall filters only in the ingress direction on a physical port.

    Example.
    ge-0/0/0 {
        description "voice priority and tcp and icmp traffic rate-limiting filter at ingress port";
        unit 0 {
            family ethernet-switching {
                filter {
                    input ingress-port-voip-class-limit-tcp-icmp;
                }
            }
        }
    }

  • VLAN firewall filter—VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a LAN, and leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.

    Example.
    vlans {
        guest-vlan {
            description "restrict guest-to-employee traffic and peer-to-peer applications on guest VLAN";
            filter {
                input ingress-vlan-limit-guest;
            }
        }
    }

  • Router (Layer 3) firewall filter—You can apply a router firewall filter in both ingress and egress directions on Layer 3 (routed) interfaces.

    Example.
    ge-0/1/0 {
        unit 0 {
            description "filter at egress router interface to expedite employee traffic destined for corporate network";
            family inet {
                filter {
                    output egress-router-corp-class;
                }
            }
        }
    }
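
The examples above only attach filters by name; the filters themselves are defined under the `firewall` hierarchy. As an added illustration (not from the original post or from Juniper's documentation), here is one possible definition of `ingress-vlan-limit-guest` covering only the guest-to-employee restriction. It assumes the older, non-ELS EX syntax; the prefixes, the resolver address, the term names and the counter name are constructed for the example.

```junos
firewall {
    family ethernet-switching {
        filter ingress-vlan-limit-guest {
            /* Terms are evaluated top to bottom and the first match decides, so this assumed exception (guests may query one resolver, constructed address) must come before the block term. */
            term allow-guest-dns {
                from {
                    destination-address {
                        192.0.2.10/32;
                    }
                    protocol udp;
                    destination-port 53;
                }
                then accept;
            }
            /* Drop and count everything else aimed at the employee subnet (constructed prefix). */
            term block-guest-to-employee {
                from {
                    destination-address {
                        192.0.2.0/26;
                    }
                }
                then {
                    count guest-to-employee-drops;
                    discard;
                }
            }
            /* Without this term the implicit final discard would drop all other guest traffic. */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
```

On the switch, `show firewall` lists the `guest-to-employee-drops` counter, which is a quick check that the discard term is matching.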

Published Sunday, July 18, 2010 11:09 AM by jahil