[j-nsp] Firewall filter for system service ssh on outside interface?

Chris Morrow morrowc at ops-netman.net
Thu Oct 13 09:42:31 EDT 2011



On 10/13/2011 09:40 AM, Daniel M Daloia Jr wrote:
> Hi Folks,
> 
> Is there any reason why I shouldn't allow ssh access to a remote SRX
> with a firewall filter only allowing a single network on an untrust
> (reth) interface? Maybe should create a loopback instead, allow
> system-services ssh,  and apply the filter there? My thought for
> using a lo interface is why force all traffic through the filter just
> for a system service?

use the loopback filter.


More information about the juniper-nsp mailing list