On J-Ex Series Switches - Dell PowerConnect J-EX4200-24T Software Manual

Dell PowerConnect J-Series Ethernet Switch Complete Software Guide for Junos OS
Understanding Firewall Filter Processing Points for Bridged and Routed Packets on
J-EX Series Switches
2726
Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on J-EX Series
Switches on page 2755
Example: Using Filter-Based Forwarding to Route Application Traffic to a Security
Device on J-EX Series Switches on page 2773
J-EX Series Switches are multilayered switches that provide Layer 2 switching and Layer
3 routing. You apply firewall filters at multiple processing points in the packet forwarding
path on J-EX Series switches. At each processing point, the action to be taken on a packet
is determined based on the results of the lookup in the switch's forwarding table. A table
lookup determines which exit port on the switch to use to forward the packet.
For both bridged unicast packets and routed unicast packets, firewall filters are evaluated
and applied hierarchically. First, a packet is checked against the port firewall filter, if
present. If the packet is permitted, it is then checked against the VLAN firewall filter, if
present. If the packet is permitted, it is then checked against the router firewall filter, if
present. The packet must be permitted by the router firewall filter before it is processed.
Figure 75 on page 2726 shows the various firewall filter processing points in the packet
forwarding path in a multilayered switching platform.
Figure 75: Firewall Filter Processing Points in the Packet Forwarding Path