[j-nsp] EX Switch Question
Paul Stewart
paul at paulstewart.org
Thu Jan 10 10:21:07 EST 2013
Thank you - yes, both of those issues you highlighted have created problems
for us .... especially lack of "tcp established"
Paul
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Emmanuel Halbwachs
Sent: January-10-13 9:59 AM
To: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] EX Switch Question
Hello,
Tobias Heister (Thu 2013-01-10 14:31:40 +0100) :
> We have not yet found an EX platform (tried
> 2200/3200/4200/4500/8200) which supported policing on egress (using
> Firewall filters and policing, never tried using QoS)
I don't know for the OP needs but for shure EX4200 does not have:
- syslog in firewall filters
- tcp flags (e. g. established) in firewall filters
in egress (physical or VLAN interface).
Juniper confirmed that this is a hardware limitation. That was the reason we
went MX.
Cheers,
--
Emmanuel Halbwachs Observatoire de Paris
Resp. Réseau/Sécurité 5 Place Jules Janssen
tel : +33 1 45 07 75 54 F 92195 MEUDON CEDEX
véhicules : 11 av. Marcellin Berthelot
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list