Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Firewall Filter Source Port Range ?

    Posted 06-02-2013 21:50

    Hi

     

    I'm trying to create a firewall filter which allows only a specific destination-port from any address to any address. My problem is, can Juniper EX do stateful firewall? Or how do I create a source-port range? For example from 0-65536.

     

    Thx

     

     



  • 2.  RE: Firewall Filter Source Port Range ?

    Posted 06-03-2013 13:35

    The EX series switches do not provide stateful firewall filtering, only packet-based filtering.

    Take a look at this link for help with creating numeric ranges in your filter criteria. http://www.juniper.net/techpubs/software/junos/junos94/swconfig-policy/specifying-numeric-range-filter-match-conditions.html



  • 3.  RE: Firewall Filter Source Port Range ?
    Best Answer

    Posted 06-06-2013 15:53

    Actually, you should be able to create and apply one. As JColl said, it does not support stateful firewall filtering. You can create Port, VLAN and RVI filters (L2/L3). There is lots of flexibility in creating these firewall filters. You have to understand how the terms are evaluated. It is not quite as simple as it sounds. But for now try this:

     

    {master:0}[edit firewall family ethernet-switching]
    lab@exA-2# show
    filter block-some-ports {
        term other-ports {
            from {
                source-address {
                    0.0.0.0/0;
                }
                destination-address {
                    0.0.0.0/0;
                }
                destination-port 1024-65535;
            }
            then {
                discard;
                log;
            }
        }
        term allow-other-ports {
            then accept;
        }
    }
     
    {master:0}[edit firewall family ethernet-switching]
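
A small model of the term evaluation discussed in the answer above, as an added example that is not part of the original post and is not Junos code. It assumes first-match evaluation with a discard when no term matches, and it uses port 443 and a `web-replies` term as hypothetical illustrations of a source-port match.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PortRange = Tuple[int, int]  # inclusive bounds, like "1024-65535" in the filter

@dataclass
class Term:
    name: str
    action: str  # "accept" or "discard"
    source_port: Optional[PortRange] = None
    destination_port: Optional[PortRange] = None

    def matches(self, src_port: int, dst_port: int) -> bool:
        # Every condition present must match; an absent condition matches anything.
        for rng, port in ((self.source_port, src_port),
                          (self.destination_port, dst_port)):
            if rng is not None and not rng[0] <= port <= rng[1]:
                return False
        return True

def evaluate(terms, src_port, dst_port):
    """Return (term name, action) of the first term that matches the packet."""
    for term in terms:
        if term.matches(src_port, dst_port):
            return term.name, term.action
    return "implicit", "discard"  # assumption: nothing matched, packet is dropped

# The filter from the post (both addresses are 0.0.0.0/0, so they are omitted here).
BLOCK_SOME_PORTS = [
    Term("other-ports", "discard", destination_port=(1024, 65535)),
    Term("allow-other-ports", "accept"),
]

# Hypothetical variant: a first term that matches on source port 443.
WITH_REPLY_TERM = [Term("web-replies", "accept", source_port=(443, 443))] + BLOCK_SOME_PORTS

# Constructed sample packets: (description, source port, destination port)
SAMPLES = [
    ("client -> server request", 51514, 443),
    ("server -> client reply", 443, 51514),
    ("unrelated high-port traffic", 40000, 8080),
]

def run(terms):
    return {desc: evaluate(terms, s, d) for desc, s, d in SAMPLES}

if __name__ == "__main__":
    for label, terms in (("filter from the post", BLOCK_SOME_PORTS),
                         ("with source-port term", WITH_REPLY_TERM)):
        print(label)
        for desc, verdict in run(terms).items():
            print(f"  {desc:30} {verdict}")
```

Because no connection state is kept, the reply to an allowed request is discarded by the posted filter, and the source-port term accepts every packet sourced from that port, whether or not it answers an earlier request.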


  • 4.  RE: Firewall Filter Source Port Range ?

    Posted 06-14-2013 06:55

    Thx all... I want to mark the two posts as answer but it seems I can't.