Good Morning,
I am having an issue with my management ACL on an MX204. This is the same configuration I used on the 104s that I currently have. This is still allowing SSH connections from any IP. I would also like to limit this down to just the management interface.

set policy-options prefix-list MGMT_Net x.x.x.0/24
set policy-options prefix-list MGMT_Net x.x.x.0/24
set policy-options policy-statement export-routes term export-statics from protocol static
set policy-options policy-statement export-routes term export-statics then accept
set policy-options policy-statement export-routes term export-direct then accept
set firewall family inet filter MGMT term T1 from source-address 0.0.0.0/0
set firewall family inet filter MGMT term T1 from source-prefix-list MGMT_Net except
set firewall family inet filter MGMT term T1 from destination-port ssh
set firewall family inet filter MGMT term T1 from destination-port https
set firewall family inet filter MGMT term T1 from destination-port telnet
set firewall family inet filter MGMT term T1 from destination-port http
set firewall family inet filter MGMT term T1 from destination-port ntp
set firewall family inet filter MGMT term T1 then discard
set firewall family inet filter MGMT term accept_everything_else then accept

Any help is appreciated.
Thanks,
Matt