[j-nsp] VLAN Security Filter

Mohammed Abu Sultan [NIBRAS] MAbuSultan at nibrasalain.ae
Tue Mar 27 00:45:19 EDT 2018


Hi All,

We have the following VLANs configured on an EX 8200 in the same routing-instance:

Vlan 3 (IT Department) Address 172.22.3.0/24
Vlan 2 (HR Department) Address 172.22.2.0/24
Vlan 6 (Finance Department) Address 172.22.6.0/24

I want to allow the IT VLAN to communicate with HR & Finance, but I don't want HR & Finance to communicate with the IT Department.

I created a firewall filter as follows:

firewall {
    family inet {
        filter TEST {
            term 1 {
                from {
                    source-address {
                        172.22.2.0/24;
                        172.22.6.0/24;
                    }
                }
                then {
                    discard;
                }
            }
            term 2 {
                then accept;
            }
        }
    }
}

And then I assigned the filter to the VLAN interface as follows:

interfaces {
    vlan {
        unit 3 {
            family inet {
                filter {
                    output TEST;
                }
                address 172.22.2.2/24;
            }
        }
    }
}

The result after applying this change is:

HR & Finance are unable to communicate with IT, and IT is also unable to communicate with HR & Finance (not meeting our requirements).

Looking for your support

Regards,
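
Added example, not part of the original post: a small Python model of how a stateless filter like TEST evaluates packets leaving toward the IT VLAN, showing that HR/Finance replies to IT-initiated connections match term 1 exactly as new connections do. The host addresses, the packet set and the FILTER_REPLIES variant (a term matching TCP ACK/RST flags ahead of the discard) are assumptions for illustration; the post does not say whether the platform supports such a match.

```python
from ipaddress import ip_address, ip_network

HR_FIN = [ip_network("172.22.2.0/24"), ip_network("172.22.6.0/24")]

# Filter TEST as posted: term 1 discards by source address, term 2 accepts.
FILTER_TEST = [
    {"name": "1", "src": HR_FIN, "action": "discard"},
    {"name": "2", "action": "accept"},
]

# Assumed variant (not from the post): a term ahead of the discard that accepts
# TCP segments with ACK or RST set, i.e. replies on an existing connection.
FILTER_REPLIES = [
    {"name": "replies", "src": HR_FIN, "tcp_established": True, "action": "accept"},
] + FILTER_TEST

# Constructed packets, all leaving toward an assumed IT host in 172.22.3.0/24.
PACKETS = {
    "hr_syn":    {"src": "172.22.2.10", "proto": "tcp", "flags": {"SYN"}},         # HR opens to IT
    "hr_synack": {"src": "172.22.2.10", "proto": "tcp", "flags": {"SYN", "ACK"}},  # HR answers IT
    "fin_ack":   {"src": "172.22.6.20", "proto": "tcp", "flags": {"ACK"}},         # Finance answers IT
    "other_syn": {"src": "10.0.0.5",    "proto": "tcp", "flags": {"SYN"}},         # unrelated source
}

def evaluate(terms, pkt):
    """First matching term wins; a stateless filter sees one packet at a time."""
    for term in terms:
        if "src" in term and not any(ip_address(pkt["src"]) in n for n in term["src"]):
            continue
        if term.get("tcp_established") and not (
            pkt.get("proto") == "tcp" and pkt.get("flags", set()) & {"ACK", "RST"}
        ):
            continue
        return term["action"]
    return "discard"  # implicit default when no term matches

def verdicts(terms):
    """Action the filter takes for each constructed packet."""
    return {name: evaluate(terms, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, terms in (("TEST", FILTER_TEST), ("TEST + replies term", FILTER_REPLIES)):
        print(label, verdicts(terms))
```

A flag match is not connection tracking: it covers TCP only, and any segment from HR or Finance with ACK set would also pass.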



