I checked out videos and docs on the Juniper support site and came up with these settings. ( Hiding the real IPs )
set firewall filter Rims_Filter term 1 from source-address xxx.xxx.xxx.xxx/32
set firewall filter Rims_Filter term 1 from destination-address yyy.yyy.yyy.yyy/32
set firewall filter Rims_Filter term 1 then sample
set firewall filter Rims_Filter term 1 then accept
set firewall filter Rims_Filter term 2 from source-address yyy.yyy.yyy.yyy/32
set firewall filter Rims_Filter term 2 from destination-address xxx.xxx.xxx.xxx/32
set firewall filter Rims_Filter term 2 then sample
set firewall filter Rims_Filter term 2 then accept
set firewall filter Rims_Filter term 3 then accept
As well as these lines in the config:
set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name
set interfaces ge-0/0/15 unit 0 family inet filter output Filter_Name
My issue is that the saved file is not being created in the /cf/var/tmp folder on the firewall. It was created the first time I tried this with a less elegant filter as shown below.
delete firewall filter Rims_Filter term 1 from source-address xxx.xxx.xxx.xxx/32
delete firewall filter Rims_Filter term 1 from destination-address yyy.yyy.yyy.yyy/32
set firewall filter Rims_Filter term 1 then sample
set firewall filter Rims_Filter term 2 then accept
set firewall filter Rims_Filter term 3 from source-address yyy.yyy.yyy.yyy/32
set firewall filter Rims_Filter term 3 from destination-address xxx.xxx.xxx.xxx/32
set firewall filter Rims_Filter term 3 then sample
set firewall filter Rims_Filter term 4 then accept
set interfaces ge-0/0/15 unit 0 family inet filter input Filter_Name. ( Note I only have the input line here )
Where have I made my mistake? I use the command set forwarding-options packet-capture disable to turn it off and set forwarding-options packet-capture enable to turn it back on.
------------------------------
JOHN WILLIAMSON
------------------------------