Hello all,
I am new to the firewall settings in Junos and made the following setup, with the outcome that only the ICMP rule works but I have no connectivity on the other rules into the VLAN. The idea was to let the VLANs send outbound whatever they like, and on VLANs I would like to protect, I would set an ingress firewall rule on the VLAN. I have tried for hours to see why or why not to use ethernet-switching as the family, or inet. As inet I cannot use on VLANs. Here is my take:
root@juniper# show firewall
family ethernet-switching {
    filter VoIP {
        term VoIP-UDP {
            from {
                destination-port [ 5060 5090 9000-9500 ];
                ip-protocol udp;
            }
            then {
                accept;
                log;
                count voip_udp;
            }
        }
        term VoIP-TCP {
            from {
                destination-port [ 5060 5061 5090 80 443 ];
                ip-protocol tcp;
            }
            then {
                accept;
                log;
                count voip_tcp;
            }
        }
        term VoIP-ICMP {
            from {
                ip-protocol [ icmp icmp6 ];
            }
            then {
                accept;
                count voip_icmp;
            }
        }
        term VoIP-Remote {
            from {
                destination-port 22;
                ip-source-address {
                    10.32.0.22/32;
                }
                ip-destination-address {
                    10.12.0.20/32;
                }
                ip-protocol tcp;
            }
            then {
                accept;
                log;
                count voip_remote;
            }
        }
    }
}
mapped to the VLAN:
root@juniper# show vlans Production-VoIP
vlan-id 12;
l3-interface irb.12;
forwarding-options {
    filter {
        input VoIP;
    }
    dhcp-security;
}
and only ICMP works; for all the others even the counter is 0:
root@juniper# run show firewall
Filter: VoIP
Counters:
Name          Bytes    Packets
voip_icmp     15744    192
voip_remote   0        0
voip_tcp      0        0
voip_udp      0        0
Would someone be so kind as to tell me where I went wrong?
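A worked model of how the posted filter evaluates traffic, added here as an illustration and not part of the original post or of Junos itself. It transcribes the four terms into a small Python simulator that applies the Junos rules a reader should keep in mind when reading the counters above: terms are tried in order, all conditions inside a term must match, and a packet that matches no term falls through to the implicit discard at the end of the filter. The sample packets, the phone address 10.12.0.20 as source, and the peer addresses 10.32.0.5 and 10.32.0.53 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Simplified model of Junos firewall-filter semantics (added illustration,
# not Junos code): first matching term wins, otherwise implicit discard.

def parse_ports(spec: str) -> List[Tuple[int, int]]:
    """Parse a Junos port list such as '5060 5090 9000-9500' into (lo, hi) ranges."""
    ranges = []
    for tok in spec.split():
        lo, _, hi = tok.partition("-")
        ranges.append((int(lo), int(hi or lo)))
    return ranges

@dataclass
class Term:
    name: str
    protocols: Set[str] = field(default_factory=set)            # empty = any protocol
    dst_ports: List[Tuple[int, int]] = field(default_factory=list)
    src_prefixes: List[ipaddress.IPv4Network] = field(default_factory=list)
    dst_prefixes: List[ipaddress.IPv4Network] = field(default_factory=list)
    action: str = "accept"

    def matches(self, pkt: Dict) -> bool:
        # Conditions inside one term are ANDed; values inside one list are ORed.
        if self.protocols and pkt["proto"] not in self.protocols:
            return False
        if self.dst_ports and not any(lo <= pkt.get("dport", -1) <= hi for lo, hi in self.dst_ports):
            return False
        src = ipaddress.ip_address(pkt["src"])
        dst = ipaddress.ip_address(pkt["dst"])
        if self.src_prefixes and not any(src in p for p in self.src_prefixes):
            return False
        if self.dst_prefixes and not any(dst in p for p in self.dst_prefixes):
            return False
        return True

# The four terms of filter VoIP from the post, transcribed into the model.
VOIP_FILTER = [
    Term("VoIP-UDP", {"udp"}, parse_ports("5060 5090 9000-9500")),
    Term("VoIP-TCP", {"tcp"}, parse_ports("5060 5061 5090 80 443")),
    Term("VoIP-ICMP", {"icmp", "icmp6"}),
    Term("VoIP-Remote", {"tcp"}, parse_ports("22"),
         [ipaddress.ip_network("10.32.0.22/32")],
         [ipaddress.ip_network("10.12.0.20/32")]),
]

def evaluate(filter_terms: List[Term], pkt: Dict) -> Tuple[str, Optional[str]]:
    """Return (action, term name); the term is None when the implicit discard applies."""
    for term in filter_terms:
        if term.matches(pkt):
            return term.action, term.name
    return "discard", None

def run_counters(filter_terms: List[Term], packets: List[Dict]) -> Dict[str, int]:
    """Count hits per term, the way the 'count' actions in the post do."""
    counts = {t.name: 0 for t in filter_terms}
    counts["implicit-discard"] = 0
    for pkt in packets:
        _, name = evaluate(filter_terms, pkt)
        counts[name or "implicit-discard"] += 1
    return counts

# Constructed sample traffic; 10.12.0.20 stands for a phone in VLAN 12.
SAMPLE_PACKETS = [
    {"proto": "icmp", "src": "10.12.0.20", "dst": "10.12.0.1"},                    # ping
    {"proto": "udp", "src": "10.12.0.20", "dst": "10.32.0.5", "dport": 5060},      # SIP
    {"proto": "udp", "src": "10.12.0.20", "dst": "10.32.0.5", "dport": 9100},      # RTP
    {"proto": "tcp", "src": "10.12.0.20", "dst": "10.32.0.5", "dport": 443},       # HTTPS
    {"proto": "tcp", "src": "10.32.0.22", "dst": "10.12.0.20", "dport": 22},       # allowed SSH
    {"proto": "tcp", "src": "10.32.0.99", "dst": "10.12.0.20", "dport": 22},       # SSH, wrong source
    {"proto": "udp", "src": "10.12.0.20", "dst": "10.32.0.53", "dport": 53},       # DNS: no term
    {"proto": "udp", "src": "10.12.0.20", "dst": "10.32.0.53", "dport": 123},      # NTP: no term
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", evaluate(VOIP_FILTER, pkt))
    print(run_counters(VOIP_FILTER, SAMPLE_PACKETS))
```

Running it shows the DNS and NTP packets and the SSH attempt from the wrong source all landing in the implicit discard, which is the first thing to check when a term's counter stays at zero: a filter with no final accept term drops everything that the listed ports do not cover, and the counters only reflect traffic that actually reached the term, in the direction the filter is applied.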