[j-nsp] Firewall filter -EX4500

Morgan McLean wrx230 at gmail.com
Tue Jul 9 19:52:20 EDT 2013


Correct, it should be 0/0 but also are you doing NAT anywhere? The internet
won't be going to 192.168.x.x directly.

Morgan


On Tue, Jul 9, 2013 at 3:56 PM, Chris Kawchuk <juniperdude at gmail.com> wrote:

> And you can omit the "source-address"  (i.e. it ignores the source IP now)
> and it matches all source IP traffic.
>
> from {
>  destination-prefix-list {
>       F5Traffic-IP;
>  }
> then {
>  accept;
> }
>
>
>
> On 09/07/2013, at 11:22 PM, Andy Litzinger <Andy.Litzinger at theplatform.com>
> wrote:
>
> > I think your source ip range netmask should be /0, not /32.  I.e:
> 0.0.0.0/0
> >
> >
> >>
> >> from {
> >>
> >>   source-address {
> >>
> >>       0.0.0.0/32;
> >>
> >>   }
> >>
> >>   destination-prefix-list {
> >>
> >>       F5Traffic-IP;
> >>
> >>   }
> >>
> >> }
> >>
> >> then accept;
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>



-- 
Thanks,
Morgan


More information about the juniper-nsp mailing list