Table of Contents
Advertisement
Related
Documentation
Firewall Filter Match Conditions and Actions for EX Series Switches
Copyright © 2010, Juniper Networks, Inc.
routing) to a destination. Data packets are forwarded to their destination through an
outgoing interface. Locally destined packets are forwarded to the Routing Engine.
Egress firewall filters affect the flow of data packets that are transmitted from the
switch's interfaces but do not affect the flow of locally generated control packets from
the Routing Engine. The Packet Forwarding Engine handles the flow of data packets
that are transmitted from the switch, and egress firewall filters are applied here. The
Packet Forwarding Engine also handles the flow of control packets from the Routing
Engine.
Figure 77 on page 3009 illustrates the application of ingress and egress firewall filters to
control the flow of packets through the switch.
Figure 77: Application of Firewall Filters to Control Packet Flow
Ingress firewall filter applied to control locally destined packets that are received on
1.
the switch's interfaces and are destined for the Routing Engine.
Ingress firewall filter applied to control incoming packets on the switch's interfaces.
2.
Egress firewall filter applied to control packets that are transiting the switch's
3.
interfaces.
Understanding Firewall Filter Processing Points for Bridged and Routed Packets on EX
Series Switches on page 3007
Understanding How Firewall Filters Are Evaluated on page 3030
Each term in a firewall filter consists of match conditions and an action. Match conditions
are the values or fields that a packet must contain. You can define multiple, single, or no
match conditions. If no match conditions are specified for the term, all packets are
matched by default. The action is the action that the switch takes if a packet matches
the match conditions for the specific term. Action modifiers are optional and specify one
Chapter 100: Firewall Filters—Overview
3009
Advertisement
Chapters
Table of Contents
Troubleshooting
