Switching




  • 1.  Outbound Firewall Filter to Internet Only

    Posted 08-12-2015 06:39

    Hi All, 

     

    We are in the process of adding a firewall filter to one of our VLANs where we want to restrict all devices on this guest VLAN.100 from being able to access all other VLANs. In this example, let's say we have VLANs 5-50 for the business use. 

     

    Is there a way for us to have a low maintenance rule that we do not need to amend when new VLANs are added, and we can apply Outbound on the guest VLAN.100 RVI? 

     

    We would like this VLAN to have full access to the internet and nothing else. 

     

    To add a slight complication, the internet is accessed via VLAN.2, which then forwards to an SRX and then onto an SSG firewall. 

     

    We are looking to do these rules on the EX switches as we do not have direct management of the other outer devices. 

     

    We would also need to keep the RVI on this VLAN as we require inbound access to devices on this guest type network. 

     

    Hope someone can lend a helping hand. 

     

    Josh 


    #filters
    #EX
    #firewall


  • 2.  RE: Outbound Firewall Filter to Internet Only
    Best Answer

    Posted 08-14-2015 12:15

    It would be easier to have the guest VLAN live on the SRX or SSG, but I see your reason for not doing that.

     

    On your switch, do you have VRFs setup for different VLANs or just one routing table?



  • 3.  RE: Outbound Firewall Filter to Internet Only

    Posted 09-04-2015 00:17

    Thank you SRXs, I have had a little read up on this and it looks like it might be what we need. 

     

    Appreciate the suggestion!