[j-nsp] EX-4200 Firewall Filter Placement
Mark Tinka
mtinka at globaltransit.net
Tue Apr 27 12:30:35 EDT 2010
On Tuesday 27 April 2010 07:00:43 pm Walaa Abdel razzak
wrote:
> I have EX-4200 switch with JUNOS 9.6R2.11. all interfaces
> are put in VLAN 1 and L3 interface is configured in the
> same VLAN for reachability. I need to know what is the
> best place to put the firewall filter on the switch (lo0
> or vlan.1 or uplink interface).
If the firewall is meant to filter traffic destined for the
switch, e.g., SSH, TACACS+, e.t.c., place it on the Loopback
interface in the inbound direction.
If the firewall is meant to filter traffic transiting the
switch, e.g., BCP-38, filtering of user traffic, e.t.c.,
place it on the l3 interface in the appropriate direction.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20100428/3564470d/attachment.bin>
More information about the juniper-nsp
mailing list