Switching

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.

  • 1.  Allow icmp packets in the filter

    Posted 10 days ago
    Hello,
     
    I wrote a filter for a constraint as follows
     
    set interfaces ae0 unit 0 family inet filter input closedaccess
    set firewall family inet filter closedaccess term access from source-address 192.168.1.2/32
    set firewall family inet filter closedaccess term access then accept
    set firewall family inet filter closedaccess term access_denied from destination-address 172.16.100.2/32
    set firewall family inet filter closedaccess term access_denied then reject
    set firewall family inet filter closedaccess term default-term then accept
    When I added the term for icmp accept, I couldn't get it to work, how do I accept all icmp requests from outside?


    ------------------------------
    demetri stanley
    ------------------------------


  • 2.  RE: Allow icmp packets in the filter

    Posted 7 days ago

    Hi,

    Can you please share the filter configuration with the term to accept icmp? 

    Regards



    ------------------------------
    Sheetanshu Shekhar
    ------------------------------

    Original Message


  • 3.  RE: Allow icmp packets in the filter

    Posted 7 days ago

    The filter above will deny all traffic to address 172.16.100.2/32.

    In filters once a match occurs all processing stops.

    So to allow icmp to 172.16.100.2/32 you would need an accept term just for icmp followed by the reject term above.



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------

    Original Message