Juniper EX9200 Features Manual page 113

Meaning
Purpose
Action
Meaning
Copyright © 2016, Juniper Networks, Inc.
Verify the following information:
OSPF session establishment is blocked. OSPF does not use TCP as its transport
protocol. After the
from protocol tcp
establishment is successful.
Verifying the ICMP Firewall Filter
Verify that ICMP packets are being policed and counted. Also make sure that ping requests
are discarded when the requests originate from an untrusted source address.
Undo the configuration changes made in previous verification steps.
1.
Reactivate the TCP firewall settings, and delete the 172.16/16 trusted source address.
[edit firewall family inet filter protect-RE term tcp-connection-term]
user@R2# activate from protocol
user@R2# activate from tcp-established
[edit policy-options prefix-list trusted-addresses]
user@R2# delete 172.16.0.0/16
user@R2# commit
From Device R1, ping the loopback interface on Device R2.
2.
user@R1> ping 192.168.0.2 rapid count 600 size 2000
PING 192.168.0.2 (192.168.0.2): 2000 data bytes
! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! ! . ! ! ! ! ! ! ! !
--- 192.168.0.2 ping statistics ---
600 packets transmitted, 536 packets received, 10% packet loss
pinground-trip min/avg/max/stddev = 2.976/3.405/42.380/2.293 ms
From Device R2, check the firewall statistics.
3.
user@R2> show firewall
Filter: protect-RE
Counters:
Name
icmp-counter
Policers:
Name
icmp-policer
tcp-connection-policer
From an untrusted source address on Device R1, send a ping request to Device R2's
4.
loopback interface.
user@R1> ping 172.16.0.2 source 172.16.0.1
PING 172.16.0.2 (172.16.0.2): 56 data bytes
^C
--- 172.16.0.2 ping statistics ---
14 packets transmitted, 0 packets received, 100% packet loss
Verify the following information:
Chapter 9: Filter-Specific Counters and Policers
match condition is deactivated, OSPF session
Bytes
1180804
Bytes
Packets
1135
Packets
66
0
95