[j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
Aaron
aaron1 at gvtc.com
Fri Apr 1 16:38:43 EDT 2016
Thanks Daniel, this is encouraging... I wonder if I can get the specifics on when that will be available
Aaron
-----Original Message-----
From: dverlouw at gmail.com [mailto:dverlouw at gmail.com] On Behalf Of Daniel Verlouw
Sent: Friday, April 1, 2016 3:03 PM
To: Aaron <aaron1 at gvtc.com>
Cc: juniper-nsp List <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp)
Hi,
On Fri, Apr 1, 2016 at 9:52 PM, Aaron <aaron1 at gvtc.com> wrote:
> agould at eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit
> 0 family inet]
> 'filter'
> Referenced filter 'local_acl' can not be used as default/physical
> interface specific with lo0 not supported on ingress loopback
> interface
> error: configuration check-out failed
ACX does not support lo0 filter presently, which sucks. Good news is that it's on the roadmap for sometime this year I believe. No clue why they left it out in the first place...
As an alternative, you can apply input filter either to all your L3 interfaces, or use a fwd table filter.
E.g. permit trusted src to your infra, deny non-trusted src to your infra, permit everything else for transit.
Regards,
Daniel.
More information about the juniper-nsp
mailing list