Table of Contents
Advertisement
Complete Software Guide for Junos
Related
Documentation
Understanding How Firewall Filters Are Evaluated
3030
®
OS for EX Series Ethernet Switches, Release 10.3
Firewall Filter Configuration Statements Supported by Junos OS for EX Series Switches
on page 3090
Example: Configuring Firewall Filters for Port, VLAN, and Router Traffic on EX Series
Switches on page 3039
Example: Using Filter-Based Forwarding to Route Application Traffic to a Security
Device on EX Series Switches on page 3058
Understanding Firewall Filter Match Conditions on page 3032
Understanding How Firewall Filters Are Evaluated on page 3030
Understanding How Firewall Filters Test a Packet's Protocol on page 3036
Understanding the Use of Policers in Firewall Filters on page 3036
Understanding Filter-Based Forwarding for EX Series Switches on page 3037
A firewall filter consists of one or more terms, and the order of the terms within a firewall
filter is important. Before you configure firewall filters, you should understand how Juniper
Networks EX Series Ethernet Switches evaluate the terms within a firewall filter and how
packets are evaluated against the terms.
When a firewall filter consists of a single term, the filter is evaluated as follows:
If the packet matches all the conditions, the action in the
If the packet matches all the conditions, and no action is specified in the
the default action
accept
When a firewall filter consists of more than one term, the firewall filter is evaluated
sequentially:
The packet is evaluated against the conditions in the
1.
If the packet matches all the conditions in the term, the action in the
2.
is taken and the evaluation ends. Subsequent terms in the filter are not evaluated.
If the packet does not match all the conditions in the term, the packet is evaluated
3.
against the conditions in the
This process continues until either the packet matches the conditions in the
statement in one of the subsequent terms or there are no more terms in the filter.
If a packet passes through all the terms in the filter without a match, the packet is
4.
discarded.
Figure 78 on page 3031 shows how an EX Series switch evaluates the terms within a firewall
filter.
is taken.
from
statement in the second term.
statement is taken.
then
then
statement,
from
statement in the first term.
statement
then
from
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Chapters
Table of Contents
Troubleshooting
Related Manuals for Juniper JUNOS OS 10.3 - SOFTWARE
Related Products for Juniper JUNOS OS 10.3 - SOFTWARE
- Juniper IDP OS 5.1R1 - S REV 1
- Juniper JUNOS OS 10.4 - S REV 5
- Juniper JUNOS OS 10.4 - FOR EX REV 1
- Juniper JUNOS OS 10.4 - XML API OPERATIONAL
- Juniper IDP OS 5.1R1
- Juniper JUNOS SOFTWARE 10.2 - SOFTWARE INSTALLATION AND UPGRADE GUIDE 4-28-2010
- Juniper OCX1100
- Juniper ADVANCED INSIGHT SCRIPTS 2.5 - S REV 1