I have a pair of EX4600s configured as a VC. I would like to add some firewall filters to specific ports (ae2 in this case), so they would be protected from outside (accessible only from the Trusted-Sources prefix list), but should be able to access the internet. I am trying different options, but nothing works the way I would expect... :/
I would appreciate any input or suggestions you may have.
Here is my config, which does not work as expected:
set interfaces xe-0/0/2 description "LAG 2"
set interfaces xe-0/0/2 ether-options 802.3ad ae2
set interfaces xe-1/0/2 description "LAG 2"
set interfaces xe-1/0/2 ether-options 802.3ad ae2
set interfaces ae2 description "server 2"
set interfaces ae2 aggregated-ether-options lacp active
set interfaces ae2 aggregated-ether-options lacp periodic fast
set interfaces ae2 unit 0 family ethernet-switching interface-mode access
set interfaces ae2 unit 0 family ethernet-switching vlan members servers-01
set interfaces ae2 unit 0 family ethernet-switching filter input protect_srv
set policy-options prefix-list Trusted-Sources 10.0.0.0/8
set policy-options prefix-list Trusted-Sources 172.1.10.45/32
set policy-options prefix-list Trusted-Sources 172.1.100.11/32
set firewall family ethernet-switching filter protect_srv term ARP from ether-type arp
set firewall family ethernet-switching filter protect_srv term ARP then accept
set firewall family ethernet-switching filter protect_srv term rule1 from source-prefix-list Trusted-Sources
set firewall family ethernet-switching filter protect_srv term rule1 then accept
set firewall family ethernet-switching filter protect_srv term DEFAULT-DISCARD then discard
set firewall family ethernet-switching filter protect_srv term DEFAULT-DISCARD then log
------------------------------
JERNEJ PRAPROTNIK
------------------------------
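An added example, not part of the original post and not Juniper documentation, showing the two things a practitioner would check in this configuration. First, in Junos a filter applied as `input` on an interface is evaluated on frames that arrive at the switch on that interface, that is, frames sent by the server; it is never evaluated on frames going to the server, so `protect_srv` as written either drops the server's own outbound traffic (if the server is not inside Trusted-Sources) or does nothing at all (if it is). Protecting the server means filtering in the `output` direction on ae2. Second, family ethernet-switching filters are stateless: once the filter faces the right way, it still needs terms that let the replies to the server's own outbound sessions back in, otherwise the server can reach the internet in one direction only. The snippet assumes the server sits in VLAN servers-01 and uses IPv4 only, that the EX4600 accepts these match conditions in the output direction on ae2 (the commit check and `show firewall filter protect_srv` tell you), and keeps the post's prefix list and `log` action unchanged; the term names and the choice of UDP reply ports are assumptions.

```junos
# Added example (not from the original post). Assumes an IPv4-only server in
# VLAN servers-01 behind ae2; verify each match condition is accepted for an
# egress filter on your EX4600 at commit time.
delete interfaces ae2 unit 0 family ethernet-switching filter input protect_srv

set policy-options prefix-list Trusted-Sources 10.0.0.0/8
set policy-options prefix-list Trusted-Sources 172.1.10.45/32
set policy-options prefix-list Trusted-Sources 172.1.100.11/32

# ARP must pass or the server cannot resolve its gateway.
set firewall family ethernet-switching filter protect_srv term ARP from ether-type arp
set firewall family ethernet-switching filter protect_srv term ARP then accept

# Anything from the trusted prefixes may initiate connections to the server.
set firewall family ethernet-switching filter protect_srv term TRUSTED from source-prefix-list Trusted-Sources
set firewall family ethernet-switching filter protect_srv term TRUSTED then accept

# Stateless substitute for "established": TCP segments with ACK or RST set.
# tcp-established does not imply TCP, so protocol tcp is matched explicitly.
set firewall family ethernet-switching filter protect_srv term TCP-REPLIES from protocol tcp
set firewall family ethernet-switching filter protect_srv term TCP-REPLIES from tcp-established
set firewall family ethernet-switching filter protect_srv term TCP-REPLIES then accept

# UDP answers the server asked for (DNS, NTP) come back from source port 53/123.
set firewall family ethernet-switching filter protect_srv term UDP-REPLIES from protocol udp
set firewall family ethernet-switching filter protect_srv term UDP-REPLIES from source-port [ 53 123 ]
set firewall family ethernet-switching filter protect_srv term UDP-REPLIES then accept

# Keep path MTU discovery and unreachable feedback working; no inbound echo-request.
set firewall family ethernet-switching filter protect_srv term ICMP from protocol icmp
set firewall family ethernet-switching filter protect_srv term ICMP from icmp-type [ echo-reply unreachable time-exceeded ]
set firewall family ethernet-switching filter protect_srv term ICMP then accept

set firewall family ethernet-switching filter protect_srv term DEFAULT-DISCARD then log
set firewall family ethernet-switching filter protect_srv term DEFAULT-DISCARD then discard

# Output direction: evaluated on frames leaving the switch towards the server.
set interfaces ae2 unit 0 family ethernet-switching filter output protect_srv
```

Two caveats. `tcp-established` only checks flag bits, so it stops unsolicited SYNs but will pass any crafted segment carrying ACK or RST; it is a stateless approximation, not connection tracking, and the real protection of the server's listening ports still comes from the TRUSTED term plus the host's own firewall. If the platform rejects one of these match conditions for an egress filter, the same filter works as an `input` filter on the uplink or routed interface facing the outside, with a `destination-address` (or `destination-prefix-list`) term naming the server, since in that direction the traffic is ingress to the switch.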