[j-nsp] Selective packet mode & local traffic

Mark Menzies mark at deimark.net
Thu Aug 9 10:37:49 EDT 2012


Yup, we can do selective packet mode using firewall filters.

It's normally applied in the input direction; however, note, it needs to be
on all interfaces where we will see packets that we don't want to send to
the flow module, i.e. the reply packets as well.

As for a script, sadly don't have one; however, if you do get one, I would
like to have a copy.  :)

On 9 August 2012 15:13, Phil Mayers <p.mayers at imperial.ac.uk> wrote:

> All,
>
> On the J-series and branch SRX, if you want to use selective packet mode
> (because you want to do IPSec at the same time as MPLS, for example) then,
> as I understand it, you need to exclude traffic *to* the box itself from
> packet mode.
>
> Is this correct?
>
> Does anyone have a handy op-script that will build a prefix list of all
> local IPs, to help with automating this?
>

