Table of Contents
Advertisement
Step-by-Step
To configure and apply an egress port firewall filter to count and analyze
Procedure
traffic that is destined for the Web:
Define the firewall filter
1.
[edit firewall]
user@switch# set family ethernet-switching filter egress-vlan-watch-employee
Define the term
2.
traffic destined for the corporate subnet:
[edit firewall family ethernet-switching filter egress-vlan-watch-employee]
user@switch# set term employee-to-corp from destination-address 192.0.2.16/28
user@switch# set term employee-to-corp then accept
Define the term
3.
destined for the Web:
[edit firewall family ethernet-switching filter egress-vlan-watch-employee]
user@switch# set term employee-to-web from destination-port 80
user@switch# set term employee-to-web then count employee-web-counter
user@switch# set term employee-to-web then analyzer employee-monitor
Apply the firewall filter
4.
interfaces for the VoIP telephones:
[edit]
user@switch# set vlans employee-vlan description "filter at egress VLAN to count and
analyze employee to Web traffic"
user@switch# set vlans employee-vlan filter output egress-vlan-watch-employee
Results
Display the results of the configuration:
user@switch# show
firewall {
family ethernet-switching {
filter egress-vlan-watch-employee {
egress-vlan-watch-employee
employee-to-corp
employee-to-web
NOTE: See "Example: Configuring Port Mirroring for Local Monitoring
of Employee Resource Use on J-EX Series Switches" on page 3249 for
information about configuring the
egress-vlan-watch-employee
term employee-to-corp {
from {
destination-address 192.0.2.16/28
}
then {
accept;
}
}
term employee-to-web {
from {
destination-port 80;
}
then {
count employee-web-counter:
Chapter 101: Examples of Firewall Filters Configuration
:
to accept but not monitor all
to count and monitor all
employee-vlan
employee-monitor
as an output filter to the port
employee-vlan
employee-vlan
traffic
analyzer.
2767
Advertisement
Chapters
Table of Contents
Troubleshooting
