Junos OS




  • 1.  VDSL management filter

    Posted 11 days ago
    hi all,
    I'm new to Juniper. I configured a test setup with a PPPoE WAN access. It works so far.

    What I am struggling with now is: How can I block management access from the internet?

    I tried to configure a filter, but I can't apply it on the pp0 or pt-1/0/0 interface. Read several guides, but couldn't manage to get the restriction working.

    Hardware is SRX300 series.

    Thx for your support!


  • 2.  RE: VDSL management filter

    Posted 10 days ago
    hi freddy,
    On SRX platform you could set allowed host-inbound traffic to security zone where pp0.0 is assigned and prepare security policies from that zone to zone junos-host. Another way is to apply family inet filter on L3 interface, so it will be on pp0.0.

    ------------------------------
    JIRI KUBIN
    ------------------------------



  • 3.  RE: VDSL management filter

    Posted 10 days ago
    Hi Freddy, 

    I'm not sure if this is exactly what you are looking for:

    How would it be to work with a loopback interface (lo). By using a firewall filter, you can determine exactly which traffic is allowed to reach the routing engine of the router (SRX) from outside and which is not.

    [edit interfaces]
    lo0 {
        unit 0 {
            family <inet | inet6> {
                filter {
                    input f1;
                }
            }
        }
    }
    Here is a configuration example:
    https://www.juniper.net/documentation/us/en/software/junos/routing-policy/topics/concept/firewall-filter-loopback-interface-acx-series.html

    Cheers, 
    Steve

    ------------------------------
    Steve
    ------------------------------
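
One possible definition for the filter that `input f1` refers to in the reply above, as an added example that is not part of the original thread or of Juniper's documentation. The prefix-list name `mgmt-hosts`, the range 192.0.2.0/24, the term names, the counter name and the choice of management ports are assumptions for illustration.

```junos
policy-options {
    /* Assumed: hosts that are allowed to manage the device */
    prefix-list mgmt-hosts {
        192.0.2.0/24;
    }
}
firewall {
    family inet {
        filter f1 {
            /* Management sessions from the trusted prefix reach the routing engine */
            term allow-mgmt-from-trusted {
                from {
                    source-prefix-list {
                        mgmt-hosts;
                    }
                    protocol tcp;
                    destination-port [ ssh https ];
                }
                then accept;
            }
            /* The same services from any other source are counted and dropped */
            term block-mgmt {
                from {
                    protocol tcp;
                    destination-port [ ssh telnet http https ];
                }
                then {
                    count blocked-mgmt;
                    discard;
                }
            }
            /* A packet that matches no term is discarded, so other
               routing-engine traffic has to be accepted explicitly */
            term allow-rest {
                then accept;
            }
        }
    }
}
```

Committing with `commit confirmed` rolls the change back automatically if the filter cuts off the management session. The `blocked-mgmt` counter then shows how much management traffic from other sources is being dropped.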



  • 4.  RE: VDSL management filter

    Posted 9 days ago
    Thank you for your replies.

    I figured it out.

    My problem was that I had tried to assign the filter to the pp0.0 interface, instead of just pp0...

    Works now, thank you for your hints!

    ------------------------------
    MICHEL
    ------------------------------