Security


Firewall filter "except" keyword

  • 1.  Firewall filter "except" keyword

    Posted 08-27-2021 14:05
    Hi, all,

    Say I have one uplink connection to service providers. I want to implement an input filter on the interfaces to reject all BGP connections except for configured peers, so I have the following configuration:

    set policy-options prefix-list isp-peer apply-path "protocols bgp group <*> neighbor <*>"
    set firewall family inet filter allow_access_in term bgp from source-prefix-list isp-peer except
    set firewall family inet filter allow_access_in term bgp from port bgp
    set firewall family inet filter allow_access_in term bgp then reject

    But the above filter term is not taking effect. What could be wrong?

    John

    ------------------------------
    John Gerro
    ------------------------------