Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  Firewall filtering for monitoring servers

    Posted 04-01-2020 12:39

    Hi,

     

    I have a simple thing I want to achieve: I want to allow a bunch of monitoring hosts to send ICMP and SNMP traffic to the RE. I configured the following firewall filtering term:

     

    from {
        source-address {
            1.1.1.1/32;
            1.1.1.2/32;
            1.1.1.3/32;
        }
        protocol [ icmp udp ];
        port snmp;
    }
    then accept;

    But this filter is blocking ICMP. I had to use a separate term to allow protocol ICMP. Since there are many monitoring hosts to whitelist, is there any way I can use one term to allow ICMP and SNMP traffic?



  • 2.  RE: Firewall filtering for monitoring servers
    Best Answer

     
    Posted 04-01-2020 13:28

     

     

    Hey oldcreek,

     

    Greetings. If I am understanding correctly what you just explained, this behavior is expected and cannot be changed, as all conditions must match for the action to be executed.

     

    In the from statement of a firewall filter term, you specify the conditions that the packet must match for the action in the then statement to be taken. All conditions must match for the action to be implemented. The order in which you specify match conditions is not important, because a packet must match all the conditions in a term for a match to occur.

     

    https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-filter-qfx-series-match-understanding.html#jd0e161

     

     

    If this solves your problem, please mark this post as "Accepted Solution" so we can help others too \:)/

    Regards,

     

    Lil Dexx
    JNCIE-ENT#863, 3X JNCIP-[SP-ENT-DC], 4X JNCIA [cloud-DevOps-Junos-Design], Champions Ingenius, SSYB
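
The two-term layout the thread arrives at, written so the monitoring hosts are listed only once. This is an added example, not configuration from either post: the prefix-list name MONITORING-HOSTS, the filter name PROTECT-RE and the term names are hypothetical, and the addresses are the ones from the question.

```junos
policy-options {
    /* Single place to maintain the allowed monitoring hosts. */
    prefix-list MONITORING-HOSTS {
        1.1.1.1/32;
        1.1.1.2/32;
        1.1.1.3/32;
    }
}
firewall {
    family inet {
        filter PROTECT-RE {
            /* ICMP carries no UDP port, so it gets its own term
               with no port condition. */
            term monitoring-icmp {
                from {
                    source-prefix-list {
                        MONITORING-HOSTS;
                    }
                    protocol icmp;
                }
                then accept;
            }
            /* SNMP: protocol and port must both match, which is
               what is wanted for this term. */
            term monitoring-snmp {
                from {
                    source-prefix-list {
                        MONITORING-HOSTS;
                    }
                    protocol udp;
                    port snmp;
                }
                then accept;
            }
        }
    }
}
```

Adding or removing a monitoring host then means editing only the prefix-list; both terms pick up the change.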