SRX

Expand all | Collapse all

Firewall filter source address query

Jump to Best Answer
  • 1.  Firewall filter source address query

     
    Posted 10-29-2018 07:07

    I have the following firewall filter in place:

     

    firewall {
        filter VPN {
            term VPN-Source {
                from {
                    source-address {
                        xxx.xxx.xxx.xxx/32;
                    }
                    destination-port 500;
                }
                then accept;
            }
            term IKE-BLOCK {
                from {
                    destination-port 500;
                }
                then {
                    reject;
                }
            }
            term else {
                then accept;
            }
        }
    }

     

    I'd like to add an additional souce address for 'either or' or 'both' sceanrios, is it simply a case of adding a new line under source-address or is more complicated than that?



  • 2.  RE: Firewall filter source address query
    Best Answer

    Posted 10-29-2018 13:10

    Hi,

    Adding another source address will work as "either or" scenarios. Both scenario is not valid as a packet will have only one source address( either Source A or Source B, not Source A and Source B)