Junos OS



Firewall filters EX-Series for traffic between VLANs

  • 1.  Firewall filters EX-Series for traffic between VLANs

    Posted 08-31-2021 11:37
    Hello,

    I have some questions regarding firewall filters on an EX4300 virtual chassis, which routes between our internal subnets.

    First things first - we have an EX4300 virtual chassis, which routes our internal subnets (it, mgmt, wlan, client, printer, server, render ...). The VC has irb interfaces, which are bound to the corresponding VLANs.

    For example:

    ...
    unit 23 {
        family inet {
            address 192.168.23.1/24;
        }
    }
    ...

    ...
    client_23 {
        vlan-id 23;
        l3-interface irb.23;
    }
    ...

    Now I want to prevent some VLANs from talking to one another.

    For example:
    The client VLAN should not be able to communicate with the render VLAN, wlan VLAN and mgmt VLAN. But it should be able to communicate with the remaining VLANs.
    Can someone show me the correct commands?

    I know that I usually should consider an internal firewall, but currently this is my only shot in separating the VLANs (10g capable firewalls are expensive).

    Thank you for your help and best regards,
    Julian
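
One way to express the policy asked for above, as an added example that is not part of the original post: a stateless `family inet` filter applied as input on `irb.23`, so it is evaluated on traffic the client VLAN sends to its gateway. The filter name `client-restrict`, the counter name, and the three destination prefixes are constructed placeholders; the real render, wlan and mgmt subnets are not given in the post.

```junos
firewall {
    family inet {
        /* Hypothetical filter name; applied to traffic entering irb.23 from the client VLAN */
        filter client-restrict {
            term deny-restricted-vlans {
                from {
                    destination-address {
                        /* Constructed placeholders: replace with the render, wlan and mgmt subnets */
                        192.0.2.0/24;
                        198.51.100.0/24;
                        203.0.113.0/24;
                    }
                }
                then {
                    /* Counter makes dropped packets visible for verification */
                    count client-restricted-drops;
                    discard;
                }
            }
            /* Without this term the implicit final action discards all other traffic */
            term allow-remaining {
                then accept;
            }
        }
    }
}
interfaces {
    irb {
        unit 23 {
            family inet {
                filter {
                    input client-restrict;
                }
                address 192.168.23.1/24;
            }
        }
    }
}
```

Because the filter is stateless, it also drops the client VLAN's replies to sessions opened from the three restricted VLANs, so the separation is effective in both directions for anything that needs return traffic. `show firewall filter client-restrict` displays the counter to confirm the term is matching.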