SRX

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Setting up a firewall filter with multiple "source-address" to evaluate. Syntax?

    Posted 18 days ago

    I need to evaluate traffic entering our SRX cluster to check for a short list of source devices and route them to a specific outgoing port on the SRX.  I haven't found the syntax to have multiple entries under source-address online. 

    is it just ...source-address { IP-1 IP_2 IP_3 ...} ?  By this I mean simply list each IP with a space between each one and then close the list with the "}" character. 

    I found one example that showed multiple "set source-address xxx.yyy.zzz.qqq; " lines in the stanza style syntax, but nothing so far in the " display set " type syntax.  



    ------------------------------
    JOHN WILLIAMSON
    ------------------------------


  • 2.  RE: Setting up a firewall filter with multiple "source-address" to evaluate. Syntax?

    Posted 17 days ago

    You'll see the curly braces when displaying the configuration (if more than one address present). To set the configuration use multiple set firewall family inet filter yada term blah from source-address IP_ADDRESS_HERE lines.

    Just play with it -- configure some filter without committing the configuration and see how it looks.



    ------------------------------
    Nikolay Semov
    ------------------------------