[j-nsp] EX Series Firewall Filter Configuration

Jared Gull jmgull at yahoo.com
Tue Sep 16 12:35:48 EDT 2008


Stefan,

Processing continues even if there is a match and an accept/reject on a preceding filter.

Jared


--- On Tue, 9/16/08, Stefan Fouant <sfouant at gmail.com> wrote:

> From: Stefan Fouant <sfouant at gmail.com>
> Subject: [j-nsp] EX Series Firewall Filter Configuration
> To: "Juniper-Nsp" <juniper-nsp at puck.nether.net>
> Date: Tuesday, September 16, 2008, 9:27 AM
> Folks,
> 
> I'm curious if anyone here can answer a question about firewall filter
> implementation on the EX Series switches.  For input packets
> traversing through the switch, the switch processes packets through the
> Port-Based Firewall Filter (PACL), then the VLAN-Based Firewall Filter
> (VACL), and finally the Router-Based Firewall Filter (RACL).  However,
> I am curious, if either a PACL or a VACL has match conditions which
> match the traffic AND has a terminating action of accept or
> reject/discard, does the packet get processed by the ensuing VACLs
> and/or RACLs, or is it immediately allowed through without further
> processing (a la normal FF behavior)?
> 
> Thanks in advance.
> 
> Stefan
> 
> -- 
> Stefan Fouant
> Principal Network Engineer
> NeuStar, Inc. - http://www.neustar.biz
> GPG Key ID: 0xB5E3803D
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp


      

