Table of Contents
Advertisement
Configuring Simple Filters (NSM Procedure)
Copyright © 2010, Juniper Networks, Inc.
Table 83: Service Filter Configuration Details (continued)
Task
Define firewall filter term.
Simple filters are used to support Ethernet IQ2 PICs. A simple filter is a subset of a firewall
filter with the following limitations:
The next-term action is not supported.
The except and protocol-except match conditions are not supported.
Noncontiguous masks are not supported.
Only one source-address and one destination-address prefix are allowed for each
filter term.
Your Action
1.
Click Term next to service-filter.
2. Click Add new entry next to Term.
3. Expand Term.
4. In the Name box, enter the name that identifies the term.
5. In the Comment box, enter the comment for the term.
6. Expand From.
7. In the Comment box, enter the comment.
8. Check the Is Fragment check box if the packet is a trailing
fragment.
9. Check the First Fragment check box if it matches the first
fragment of a fragmented packet.
10. In the Fragment Flags box, enter the IP fragmentation flags.
11. From the listed protocol-independent match conditions, select
the filters defined for the Inet family type.
The protocol-independent match conditions are Address, Ah
Spi, Destination Address, Destination port, Destination prefix
List, Esp Spi, Fragment offset, Interface Group, , Ip Options,
Loss Priority, Port, Prefix List, Protocol, Source Address, Source
Port, and Source Prefix List.
12. Click Then next to From.
13. In the Comment box, enter the comment for then.
14. In the Count box, enter the number of packets.
15. Select the Log check box to store the header information of
a packet on the Routing Engine.
16. Select the Sample check box to sample the packet traffic.
17. Select the Port Mirror check box to port-mirror the packets.
18. Select Service to direct packets for stateful-firewall service.
19. Select Skip to let packets bypass stateful-firewall service.
Chapter 15: Configuring Firewall
171
Advertisement
Table of Contents
