Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Firewall Filter Types for EX-series Ethernet Switches

0

0

Article ID: KB10968 KB Last Updated: 05 Mar 2017Version: 5.0
Summary:
Firewall filters provide rules that define whether to permit or deny packets that are transiting an interface on a switch or router from a source address to a destination address. They can be applied to ports, VLANs, or layer 3 interfaces.
Symptoms:

Solution:
The following firewall filter types are supported for EX-series switches:
  • Port (Layer 2) firewall filter—Port firewall filters apply to Layer 2 switch ports. You can apply port firewall filters only in the ingress direction on a physical port.

    Example.

    ge-0/0/0 {
    description "voice priority and tcp and icmp traffic rate-limiting filter at ingress port";
    unit 0 {
        family ethernet-switching {
            filter {
                input ingress-port-voip-class-limit-tcp-icmp;
            }
        }
    }


  • VLAN firewall filter—VLAN firewall filters provide access control for packets that enter a VLAN, are bridged within a LAN, and leave a VLAN. You can apply VLAN firewall filters in both ingress and egress directions on a VLAN. VLAN firewall filters are applied to all packets that are forwarded to or forwarded from the VLAN.

    Example.

    vlans {
        guest-vlan {
            description "restrict guest-to-employee traffic and peer-to-peer applications on guest VLAN";
            filter {
                input ingress-vlan-limit-guest;
            }
        }
    }


  • Router (Layer 3) firewall filter—You can apply a router firewall filter in both ingress and egress directions on Layer 3 (routed) interfaces.

    Example.

    ge-0/1/0 {
        unit 0 {
            description "filter at egress router interface to expedite employee traffic destined for corporate network";
            family inet {
                filter {
                output egress-router-corp-class;
                }
            }
        }
    }

NOTE:
To apply a firewall filter, you must:
  1. Configure the firewall filter.
  2. Apply the firewall filter to a port, VLAN, or router interface.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search