
[EX/QFX] How to provide SSH access to specific IP addresses and restrict SSH access to all other IP addresses


Article ID: KB24764 KB Last Updated: 17 Aug 2020 Version: 3.0
Summary:

This article explains how to provide SSH access to certain IP addresses and restrict SSH access to all other IP addresses.

 

Solution:

This requirement can be met with a firewall filter. The following sample configuration allows SSH access only from two IP addresses, 10.1.1.10 and 40.1.1.10, and lets all other IP addresses, in any VLAN, send any traffic except SSH.

To achieve this, a loopback interface is created and the firewall filter is applied to it.

The minimum configuration that is required for the loopback interface is given here:

set interfaces lo0 unit 0 family inet 

The firewall filter is created:

user@switch# run show configuration | display set | match fire
set firewall family inet filter 1 term 1 from source-address 10.1.1.10/32
set firewall family inet filter 1 term 1 from source-address 40.1.1.10/32
set firewall family inet filter 1 term 1 from destination-port ssh
set firewall family inet filter 1 term 1 then accept
set firewall family inet filter 1 term 2 from source-address 0.0.0.0/0
set firewall family inet filter 1 term 2 from destination-port ssh
set firewall family inet filter 1 term 2 then discard
set firewall family inet filter 1 term 3 then accept

The filter is then applied to the loopback interface:

set interfaces lo0 unit 0 family inet filter input 1

Note: If you wish to permit or deny any IP address, change the above configuration as required.
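As an added example (not part of the Juniper article), the following Python model evaluates the filter above term by term against constructed sample packets, which is a quick way to check a changed address list before committing it. It assumes a packet is only a source IP and a destination port; the function names `parse`, `evaluate` and `without_term` are illustrative, not Junos tooling.

```python
import ipaddress

# The article's filter, copied as `set` commands.
FILTER = """\
set firewall family inet filter 1 term 1 from source-address 10.1.1.10/32
set firewall family inet filter 1 term 1 from source-address 40.1.1.10/32
set firewall family inet filter 1 term 1 from destination-port ssh
set firewall family inet filter 1 term 1 then accept
set firewall family inet filter 1 term 2 from source-address 0.0.0.0/0
set firewall family inet filter 1 term 2 from destination-port ssh
set firewall family inet filter 1 term 2 then discard
set firewall family inet filter 1 term 3 then accept
"""
PORTS = {"ssh": 22}  # the only named port the filter uses

def parse(text):
    """Return terms in configuration order: name -> sources, ports, action."""
    terms = {}
    for line in text.splitlines():
        w = line.split()
        if len(w) < 10 or w[:5] != ["set", "firewall", "family", "inet", "filter"]:
            continue
        term = terms.setdefault(w[7], {"src": [], "dport": [], "action": None})
        if w[8] == "then":
            term["action"] = w[9]
        elif w[9] == "source-address":
            term["src"].append(ipaddress.ip_network(w[10]))
        elif w[9] == "destination-port":
            term["dport"].append(PORTS[w[10]] if w[10] in PORTS else int(w[10]))
    return terms

def evaluate(terms, src, dport):
    """First matching term wins; values of one condition are ORed, conditions ANDed."""
    ip = ipaddress.ip_address(src)
    for name, t in terms.items():
        src_ok = not t["src"] or any(ip in net for net in t["src"])
        port_ok = not t["dport"] or dport in t["dport"]
        if src_ok and port_ok:
            return name, t["action"]
    return None, "discard"  # Junos discards when no term matches

def without_term(text, name):
    """Return the configuration with one term removed (for what-if checks)."""
    return "\n".join(l for l in text.splitlines() if f" term {name} " not in l)

if __name__ == "__main__":
    # Constructed sample packets: (source IP, destination port).
    for pkt in [("10.1.1.10", 22), ("40.1.1.10", 22), ("192.0.2.7", 22), ("192.0.2.7", 161)]:
        print(pkt, evaluate(parse(FILTER), *pkt), evaluate(parse(without_term(FILTER, "3")), *pkt))
```

The second result on each printed line shows the filter with term 3 removed: non-SSH traffic then matches no term and falls to the implicit discard, which is why the final accept term is part of the configuration.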

 

Modification History:

2020-08-17: Article reviewed for accuracy; no changes required; article valid and relevant

 
