Firewall filters EX-Series for traffic between VLANs

    Posted 08-31-2021 11:37
    Hello,

    I have some questions regarding firewall filters on an EX4300 virtual chassis, which routes between our internal subnets.

    First things first - we have an EX4300 virtual chassis, which routes our internal subnets (it, mgmt, wlan, client, printer, server, render ...). The VC has irb interfaces, which are bound to the corresponding VLANs.

    For example:

    ...
    unit 23 {
        family inet {
            address 192.168.23.1/24;
        }
    }
    ...

    ...
    client_23 {
        vlan-id 23;
        l3-interface irb.23;
    }
    ...

    Now I want to prevent some VLANs from talking to one another.

    For example:
    The client VLAN should not be able to communicate with the render VLAN, wlan VLAN and mgmt VLAN. But it should be able to communicate with the remaining VLANs.
    Can someone show me the correct commands?

    I know that I usually should consider an internal firewall, but currently this is my only shot at separating the VLANs (10G-capable firewalls are expensive).

    Thank you for your help and best regards,
    Julian
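
Added example, not part of the original post: one way to express the requirement above as a stateless firewall filter applied inbound on irb.23, so that traffic entering from the client VLAN is dropped when its destination is the render, wlan or mgmt subnet and routed normally otherwise. The filter name, term names and the three destination subnets are assumptions (the post gives only the client subnet 192.168.23.0/24); substitute the real prefixes.

```junos
firewall {
    family inet {
        /* Hypothetical filter name */
        filter CLIENT-VLAN-IN {
            term block-restricted-vlans {
                from {
                    destination-address {
                        /* Assumed render subnet (placeholder) */
                        192.168.30.0/24;
                        /* Assumed wlan subnet (placeholder) */
                        192.168.40.0/24;
                        /* Assumed mgmt subnet (placeholder) */
                        192.168.50.0/24;
                    }
                }
                then {
                    discard;
                }
            }
            /* A filter ends with an implicit discard, so the remaining
               VLANs and routed destinations need an explicit accept. */
            term allow-everything-else {
                then accept;
            }
        }
    }
}
interfaces {
    irb {
        unit 23 {
            family inet {
                /* Evaluated on packets arriving from VLAN 23 before routing */
                filter {
                    input CLIENT-VLAN-IN;
                }
                address 192.168.23.1/24;
            }
        }
    }
}
```

Because the filter is stateless, it also drops the client VLAN's replies to connections opened from the render, wlan or mgmt VLANs, so the separation is effectively bidirectional. The listed prefixes include the switch's own irb addresses in those subnets, so clients can no longer reach those gateway addresses either.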