[j-nsp] Firewall filter -EX4500
Andy Litzinger
Andy.Litzinger at theplatform.com
Tue Jul 9 09:22:33 EDT 2013
I think your source IP range netmask should be /0, not /32, i.e. 0.0.0.0/0
On Jul 9, 2013, at 6:19 AM, "Brijesh Patel" <brju.patel at gmail.com> wrote:
> Hi All,
>
> EX4500 firewall filter configuration:
>
> Connectivity: F5 Load balancer <----- EX4500 <------ Internet
>
> I want to configure EX firewall filter configuration, requirement as below:
>
> 1. Allow from any source/internet to specific *destination
> address (F5 load balancer) for any* port for the all network address range
> (i.e. 192.168.246.1/24). Hosts are specified in *F5Traffic-IP prefix list*
>
> My configuration as below :
>
> test@lab-EX4500-01# run show configuration firewall family inet filter incoming_traffic term LB-Traffic
> from {
>     source-address {
>         0.0.0.0/32;
>     }
>     destination-prefix-list {
>         F5Traffic-IP;
>     }
> }
> then accept;
>
> test@lab-EX4500-01# run show configuration policy-options prefix-list F5Traffic-IP
> 192.168.246.8/32;
> 192.168.246.9/32;
> 192.168.246.225/32;
>
> test@lab-EX4500-01> show configuration interfaces vlan.500
> family inet {
>     filter {
>         input incoming_traffic;
>     }
>     address 192.168.246.1/24;
> }
>
> Will my configuration work, or do I need to specify more in destination
> port? Please suggest.
>
> Many Thanks,
>
> Brijesh Patel
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
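
Added example (not part of the original thread): a small Python model of the LB-Traffic term that evaluates constructed sample packets with the source prefix written as 0.0.0.0/32 and as 0.0.0.0/0. It assumes the term is the only one in the filter, so unmatched packets fall to the implicit discard that ends a Junos firewall filter; the function names and packet addresses are made up for illustration.

```python
import ipaddress

# Prefix list entries as posted in the quoted configuration.
F5_TRAFFIC_IP = ["192.168.246.8/32", "192.168.246.9/32", "192.168.246.225/32"]

# Constructed sample packets: (source address, destination address).
PACKETS = [
    ("198.51.100.7", "192.168.246.8"),    # Internet host -> listed F5 address
    ("203.0.113.20", "192.168.246.225"),  # Internet host -> listed F5 address
    ("198.51.100.7", "192.168.246.50"),   # destination not in the prefix list
    ("0.0.0.0", "192.168.246.9"),         # the only source a /32 can match
]


def term_matches(src, dst, source_prefix, dest_prefixes=F5_TRAFFIC_IP):
    """Return True when a packet satisfies both 'from' conditions of the term."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    src_ok = src_ip in ipaddress.ip_network(source_prefix)
    dst_ok = any(dst_ip in ipaddress.ip_network(p) for p in dest_prefixes)
    return src_ok and dst_ok


def filter_action(src, dst, source_prefix):
    """Model a one-term filter: accept on match, otherwise implicit discard."""
    return "accept" if term_matches(src, dst, source_prefix) else "discard"


def evaluate(source_prefix):
    """Actions for every sample packet under the given source-address prefix."""
    return [filter_action(s, d, source_prefix) for s, d in PACKETS]


if __name__ == "__main__":
    for prefix in ("0.0.0.0/32", "0.0.0.0/0"):
        print(f"source-address {prefix}")
        for (s, d), action in zip(PACKETS, evaluate(prefix)):
            print(f"  {s:>15} -> {d:<16} {action}")
```

With /32 only a packet whose source is literally 0.0.0.0 is accepted; with /0 any source is accepted, but only toward the three listed destinations.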