Hi,
You have to apply the firewall filter in all logical interfaces. The firewall filter will not extend to logical interfaces if you apply to only physical interface.
You may apply the filter to loopback interface of the internal devices to control device ssh access. In the filter allow the internal networks you want to allow access This is the recommneded method and there is no need to apply the filter to every interfaces and it is future proof.
Or
you can also use group config to apply the filter to all existing logical interfaces interfaces. This method is also future proof.
set groups block-ssh interfaces <ge-*> unit <*> family inet filter input <filter name>
set apply-groups block-ssh