How to block unidirectional inter-VLAN TCP communication from one VLAN to another VLAN

Article ID: KB24217    Last Updated: 05 Mar 2017    Version: 2.0
Summary:
This article provides an example of how to block unidirectional inter-VLAN TCP communication, so that hosts on one VLAN cannot open TCP connections to another VLAN while connections opened in the opposite direction keep working.


Solution:

Scenario:

Hosts on VLAN 10 and VLAN 20 can reach each other. The requirement is to block only the TCP connections originated by hosts on VLAN 10 toward VLAN 20, while leaving TCP connections originated from VLAN 20 toward VLAN 10 (including their return traffic) and all non-TCP traffic untouched.

Topology:

  • A firewall filter that matches on TCP flags enforces this requirement. Term T1 discards packets with the SYN flag set and the ACK flag clear (the first packet of a TCP three-way handshake) sent from the source subnet 192.168.5.0/24 to the destination subnet 192.168.4.0/24, so hosts in 192.168.5.0/24 cannot open TCP connections to 192.168.4.0/24.
  • Packets with ACK set do not match term T1 and are accepted by term T2. This includes the SYN-ACK that a 192.168.5.0/24 host sends back when a 192.168.4.0/24 host opens a connection to it, so connections originated from the other side keep working. Term T2 is required: a Junos firewall filter discards any packet that no term accepts.
  • The filter is stateless. It does not track connections, so a TCP packet from 192.168.5.0/24 that carries the ACK flag is accepted whether or not a connection exists behind it, and only TCP is affected; UDP and ICMP between the two subnets fall through to T2 and are accepted.
  • The filter is bound as an input filter on VLAN 20, so it is evaluated on traffic entering the switch on VLAN 20 ports. The article does not state which subnet lives on which VLAN; bind the filter to the VLAN on whose ports the SYN packets to be dropped arrive.
user@switch# set firewall family ethernet-switching filter F1 term T1 from source-address 192.168.5.0/24
user@switch# set firewall family ethernet-switching filter F1 term T1 from destination-address 192.168.4.0/24
user@switch# set firewall family ethernet-switching filter F1 term T1 from protocol tcp
user@switch# set firewall family ethernet-switching filter F1 term T1 from tcp-flags "syn&!ack"
user@switch# set firewall family ethernet-switching filter F1 term T1 then discard
user@switch# set firewall family ethernet-switching filter F1 term T2 then accept
user@switch# set vlans vlan20 filter input F1

Term T1 drops only packets with SYN set and ACK clear from 192.168.5.0/24 to 192.168.4.0/24; term T2 accepts everything else. Commit the configuration to activate the filter. Using "syn" alone as the tcp-flags match would also discard the SYN-ACK replies from 192.168.5.0/24 and break connections opened from 192.168.4.0/24.
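The following is an added example, not code from the original article or from Juniper: a small Python model of filter F1 that classifies constructed packets the way the terms above do, to show which packets of a TCP three-way handshake the "syn&!ack" match discards in each direction, why a plain "syn" match (the hypothetical F1_SYN_ONLY variant below) would break connections opened from 192.168.4.0/24, and the stateless caveat that a lone ACK from 192.168.5.0/24 passes. The host addresses (.10 in each subnet) are constructed, the Term/Packet classes and the flags-expression evaluator are assumptions of this model, and the VLAN the filter is bound to is not modelled: every packet is assumed to reach the filter.

```python
"""Python model of filter F1 (added example; not Juniper's code)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# TCP flag bits keyed by the names used in a Junos tcp-flags expression.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "push": 0x08,
                 "ack": 0x10, "urgent": 0x20}
SYN, ACK = TCP_FLAG_BITS["syn"], TCP_FLAG_BITS["ack"]


@dataclass
class Packet:
    src: str
    dst: str
    proto: str        # "tcp", "udp", ...
    flags: int = 0    # TCP flag bits; ignored for non-TCP packets


def flags_match(expr: str, flags: int) -> bool:
    """Evaluate a tcp-flags expression: '|' of '&' groups of optionally '!'-negated names.

    Enough for "syn&!ack"; parentheses are not supported in this model (assumption).
    """
    for alternative in expr.split("|"):
        satisfied = True
        for atom in alternative.split("&"):
            atom = atom.strip()
            negated = atom.startswith("!")
            bit_set = bool(flags & TCP_FLAG_BITS[atom.lstrip("!")])
            if bit_set == negated:   # set but negated, or clear but required
                satisfied = False
                break
        if satisfied:
            return True
    return False


@dataclass
class Term:
    """One filter term: every configured match condition must hold."""
    name: str
    action: str                        # "accept" or "discard"
    source: Optional[str] = None       # from source-address
    destination: Optional[str] = None  # from destination-address
    protocol: Optional[str] = None     # from protocol
    tcp_flags: Optional[str] = None    # from tcp-flags

    def matches(self, pkt: Packet) -> bool:
        if self.source and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.source):
            return False
        if self.destination and ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.destination):
            return False
        if self.protocol and pkt.proto != self.protocol:
            return False
        if self.tcp_flags is not None and (pkt.proto != "tcp" or not flags_match(self.tcp_flags, pkt.flags)):
            return False
        return True


def apply_filter(terms: List[Term], pkt: Packet) -> str:
    """First matching term wins; a Junos filter discards what no term accepts."""
    for term in terms:
        if term.matches(pkt):
            return term.action
    return "discard"


# Filter F1 as configured in the article.
F1 = [
    Term("T1", "discard", source="192.168.5.0/24", destination="192.168.4.0/24",
         protocol="tcp", tcp_flags="syn&!ack"),
    Term("T2", "accept"),
]

# Hypothetical weaker variant matching any SYN, to show why "!ack" matters.
F1_SYN_ONLY = [
    Term("T1", "discard", source="192.168.5.0/24", destination="192.168.4.0/24",
         protocol="tcp", tcp_flags="syn"),
    Term("T2", "accept"),
]


def handshake(client: str, server: str) -> List[Packet]:
    """The three packets of a TCP open from client to server (constructed input)."""
    return [Packet(client, server, "tcp", SYN),
            Packet(server, client, "tcp", SYN | ACK),
            Packet(client, server, "tcp", ACK)]


def handshake_verdicts(terms: List[Term], client: str, server: str) -> List[str]:
    """Filter verdict for each handshake packet, in order: SYN, SYN-ACK, ACK."""
    return [apply_filter(terms, p) for p in handshake(client, server)]


if __name__ == "__main__":
    print("5.x opens to 4.x, F1:", handshake_verdicts(F1, "192.168.5.10", "192.168.4.10"))
    print("4.x opens to 5.x, F1:", handshake_verdicts(F1, "192.168.4.10", "192.168.5.10"))
    print("4.x opens to 5.x, syn only:", handshake_verdicts(F1_SYN_ONLY, "192.168.4.10", "192.168.5.10"))
    print("lone ACK 5.x->4.x, F1:", apply_filter(F1, Packet("192.168.5.10", "192.168.4.10", "tcp", ACK)))
```

The first handshake shows the intended effect (the opening SYN from 192.168.5.0/24 is discarded and the connection never forms); the second shows that the SYN-ACK reply from 192.168.5.0/24 carries ACK and therefore passes term T1. The syn-only variant discards that SYN-ACK, which is the failure mode the "!ack" part of the expression avoids. The lone ACK case is the stateless caveat: the switch cannot tell a reply from a crafted ACK, so this filter blocks connection establishment, not arbitrary TCP packets.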