Junos OS

Expand all | Collapse all

Firewall filtering for monitoring servers

Jump to Best Answer
  • 1.  Firewall filtering for monitoring servers

    Posted 04-01-2020 12:39

    Hi,

     

    I have a simple thing I want to achieve, I want to allow a bunch of monitoring hosts to send ICMP and SNMP traffic to RE, I configured the following firewall filtering term:

     

    from {
        source-address {
            1.1.1.1/32;
             1.1.1.2/32;
             1.1.1.3/32;
        }
        protocol [ icmp udp ];
    port snmp; } then accept;

    But this filter is blocking ICMP, I had to use a seperate term to allow protocol ICMP, since there are many monitoring hosts to white list,  is there any way I can use one term to allow ICMP and SNMP traffic?



  • 2.  RE: Firewall filtering for monitoring servers
    Best Answer

     
    Posted 04-01-2020 13:28

     

     

    Hey oldcreek,

     

    Greetings, If I am understanding correctly what you just explained this behavior is expected and cannot be changed as  all conditions must match for the action to be executed

     

    In the from statement of a firewall filter term, you specify the conditions that the packet must match for the action in the then statement to be taken. All conditions must match for the action to be implemented. The order in which you specify match conditions is not important, because a packet must match all the conditions in a term for a match to occur.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-qfx-series-match-understanding.html#jd0e161

     

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

    Regards,

     

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB