[j-nsp] Firewall filter -EX4500
Brijesh Patel
brju.patel at gmail.com
Wed Jul 10 04:40:35 EDT 2013
Many thanks, Yes am doing Nating as well , does it require any extra change
?
Brijesh Patel
On Wed, Jul 10, 2013 at 12:52 AM, Morgan McLean <wrx230 at gmail.com> wrote:
> Correct, it should be 0/0 but also are you doing NAT anywhere? The
> internet won't be going to 192.168.x.x directly.
>
> Morgan
>
>
> On Tue, Jul 9, 2013 at 3:56 PM, Chris Kawchuk <juniperdude at gmail.com>wrote:
>
>> And you can omit the "source-address" (i.e. it ignores the source IP
>> now) and it matches all source IP traffic.
>>
>> from {
>> destination-prefix-list {
>> F5Traffic-IP;
>> }
>> then {
>> accept;
>> }
>>
>>
>>
>> On 09/07/2013, at 11:22 PM, Andy Litzinger <
>> Andy.Litzinger at theplatform.com> wrote:
>>
>> > I think your source ip range netmask should be /0, not /32. I.e:
>> 0.0.0.0/0
>> >
>> >
>> >>
>> >> from {
>> >>
>> >> source-address {
>> >>
>> >> 0.0.0.0/32;
>> >>
>> >> }
>> >>
>> >> destination-prefix-list {
>> >>
>> >> F5Traffic-IP;
>> >>
>> >> }
>> >>
>> >> }
>> >>
>> >> then accept;
>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp
>>
>
>
>
> --
> Thanks,
> Morgan
>
More information about the juniper-nsp
mailing list