[j-nsp] Selective packet mode & local traffic

Wayne Tucker wayne at tuckerlabs.com
Fri Aug 10 11:33:39 EDT 2012


You can probably achieve that using apply-path.  This book has several
good examples:

http://www.juniper.net/us/en/community/junos/training-certification/day-one/fundamentals-series/securing-routing-engine/

:w


On Thu, Aug 9, 2012 at 7:37 AM, Mark Menzies <mark at deimark.net> wrote:
> Yup, we can do selective packet mode using firewall filters.
>
> It's normally applied in the input direction however, note, it needs to be
> on all interfaces where we will see packets that we don't want to send to
> the flow module, i.e. the reply packets as well
>
> As for a script, sadly don't have one, however if you do get one, I would
> like to have a copy.  :)
>
> On 9 August 2012 15:13, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
>
>> All,
>>
>> On the J-series and branch SRX, if you want to use selective packet mode
>> (because you want to do IPSec at the same time as MPLS, for example) then,
>> as I understand it, you need to exclude traffic *to* the box itself from
>> packet mode.
>>
>> Is this correct?
>>
>> Does anyone have a handy op-script that will build a prefix list of all
>> local IPs, to help with automating this?
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
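A sketch of the apply-path approach suggested in this thread, added as an example and not taken from any of the posters or from the linked book: a prefix list built from the configured interface addresses, and an input filter that leaves traffic to those addresses in flow mode while sending everything else to packet mode. The names local-addresses and selective-packet-mode and the interface ge-0/0/0 are assumptions.

```junos
policy-options {
    /* Expands to every configured IPv4 interface address. The entries keep
       the configured prefix length, so the list matches the connected
       subnets, not only the box's own host addresses. */
    prefix-list local-addresses {
        apply-path "interfaces <*> unit <*> family inet address <*>";
    }
}
firewall {
    family inet {
        filter selective-packet-mode {
            /* Traffic addressed to the box stays in flow mode. */
            term to-local {
                from {
                    destination-prefix-list {
                        local-addresses;
                    }
                }
                then accept;
            }
            /* Everything else bypasses the flow module. */
            term transit {
                then {
                    packet-mode;
                    accept;
                }
            }
        }
    }
}
interfaces {
    /* Assumed interface; per the thread, the filter has to be applied on
       every interface that sees the traffic, including the reply direction. */
    ge-0/0/0 {
        unit 0 {
            family inet {
                filter {
                    input selective-packet-mode;
                }
            }
        }
    }
}
```

The expanded list can be checked with "show configuration policy-options prefix-list local-addresses | display inheritance" before the filter is applied.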

