[j-nsp] EX4200 RE firewall filter capabilities

Sebastian Wiesinger juniper-nsp at ml.karotte.org
Mon Mar 12 11:30:42 EDT 2012


Hi all,

The EX4200 has really limited firewall capabilities for filters on
lo0, at least when you try to port a filter from the MX platform.

A few things I encountered:

1) input-list is not supported
2) "port" statement is not supported (only source-/destination-port)
3) Many features are not available on input loopback filters:

Referenced filter 'protect-re' can not be used as policer not supported on ingress loopback interface
Referenced filter 'protect-re' can not be used as log not supported on ingress loopback interfac
Referenced filter 'protect-re' can not be used as ttl not supported on ingress loopback interface
Referenced filter 'protect-re' can not be used as tcp-established not supported on ingress loopback interface

The box is running JunOS 10.4R9. Any ideas if the firewall support
can/will be improved in future releases?

Regards

Sebastian

-- 
GPG Key: 0x93A0B9CE (F4F6 B1A3 866B 26E9 450A  9D82 58A2 D94A 93A0 B9CE)
'Are you Death?' ... IT'S THE SCYTHE, ISN'T IT? PEOPLE ALWAYS NOTICE THE SCYTHE.
            -- Terry Pratchett, The Fifth Elephant
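
Added example, not part of the original post: a pre-port check that scans a filter in set format (as produced by "show configuration | display set") for the constructs the post reports as rejected on an EX4200 lo0 input filter. The sample configuration, term names and the lint() helper are constructed for illustration, and the list covers only the items named in the post, so it is not exhaustive.

```python
import re

# Match conditions and actions the post reports as rejected on an
# EX4200 (10.4R9) ingress loopback filter. Assumed set-format syntax.
UNSUPPORTED = [
    ("port", re.compile(r" from port \S")),  # source-/destination-port are fine
    ("ttl", re.compile(r" from ttl \S")),
    ("tcp-established", re.compile(r" from tcp-established\b")),
    ("policer", re.compile(r" then policer \S")),
    ("log", re.compile(r" then log\b")),
]
TERM_RE = re.compile(r"^set firewall family inet filter (\S+) term (\S+)(?= )")
LO0_RE = re.compile(
    r"^set interfaces lo0 unit \d+ family inet filter (input|input-list) (\S+)")

# Constructed sample: an MX-style RE protection filter applied to lo0.
SAMPLE = """
set interfaces lo0 unit 0 family inet filter input protect-re
set firewall family inet filter protect-re term ssh from port ssh
set firewall family inet filter protect-re term ssh from tcp-established
set firewall family inet filter protect-re term icmp then policer icmp-1m
set firewall family inet filter protect-re term traceroute from ttl 1
set firewall family inet filter protect-re term bgp from destination-port bgp
set firewall family inet filter protect-re term deny then log
set firewall family inet filter protect-re term deny then discard
set firewall family inet filter other term a then log
"""

def lint(config_text):
    """Return sorted (filter, term, feature) findings for filters bound to lo0 input."""
    lines = [l.strip() for l in config_text.splitlines() if l.strip()]
    findings, bound = set(), set()
    for line in lines:  # pass 1: which filters are applied to lo0 input
        m = LO0_RE.match(line)
        if m:
            if m.group(1) == "input-list":
                findings.add((m.group(2), "-", "input-list"))
            bound.add(m.group(2))
    for line in lines:  # pass 2: inspect terms of those filters only
        m = TERM_RE.match(line)
        if m and m.group(1) in bound:
            rest = line[m.end():]
            for feature, pattern in UNSUPPORTED:
                if pattern.search(rest):
                    findings.add((m.group(1), m.group(2), feature))
    return sorted(findings)

if __name__ == "__main__":
    for filt, term, feature in lint(SAMPLE):
        print(f"filter {filt} term {term}: '{feature}' not usable on EX4200 lo0 input")
```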

