Security


Ask questions and share experiences with Juniper Connected Security. Discuss Advanced Threat Protection, SecIntel, Secure Analytics, Secure Connect, Security Director, and all things related to Juniper security technologies.
  • 1.  Client Isolation | Firewall Filter

    Posted 11-01-2021 05:45
    Hi all, 

    Does anyone know if sub-vlan isolation (i.e., port isolation in the same vlan) can be done with firewall filters using family ethernet-switching?

    I tried the following, and yeah, nothing can talk to anything.....including the default GW / DHCP

    Any ideas?

    family ethernet-switching {
        filter Data-Isolation {
            term A {
                from {
                    source-mac-address {
                        00:00:00:00:00:00/48;
                    }
                    destination-mac-address {
                        2a:30:44:1f:bd:59/48;
                    }
                }
                then accept;
            }
            term B {
                from {
                    source-mac-address {
                        2a:30:44:1f:bd:59/48;
                    }
                    destination-mac-address {
                        00:00:00:00:00:00/48;
                    }
                }
                then accept;
            }                               
            term C {
                from {
                    source-mac-address {
                        00:00:00:00:00:00/48;
                    }
                    destination-mac-address {
                        00:00:00:00:00:00/48;
                    }
                    source-port [ 67 68 ];
                    destination-port [ 67 68 ];
                }
                then accept;
            }
            term D {
                from {
                    source-mac-address {
                        00:00:00:00:00:00/48;
                    }
                    destination-mac-address {
                        00:00:00:00:00:00/48;
                    }
                }
                then discard;               
            }
            term E {
                then accept;
            }
        }
    }


  • 2.  RE: Client Isolation | Firewall Filter

    Posted 11-02-2021 05:40
    Have you seen the private vlan feature that can be implemented on the switch for client isolation?

    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/concept/pvlans-solution-segragating-customer-traffic.html

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------