[j-nsp] Firewall filter rule based on external reachability of server

Matthew Crocker matthew at corp.crocker.com
Wed Mar 29 15:15:35 EDT 2023


Hello,

I have a filter set up:

term DDOS {
    from {
        destination-prefix-list {
            DDOS-Customers;
        }
    }
    then {
        count DDOS;
        next-ip 192.168.126.2/32;
    }
}

The 192.168.126.2 IP is the DDOS mitigation device. Is there a way I can set up the router to ping the 192.168.126.2 address, set a ‘reachable variable’ and then use that variable in the filter? So if the device goes down, the filter term is bypassed and traffic flows to the customer, bypassing the DDOS mitigation machine.




