Juniper JUNOS OS 10.3 - SOFTWARE Manual page 3155

Step-by-Step
Procedure
Results
Copyright © 2010, Juniper Networks, Inc.
To configure filter-based forwarding:
Create interfaces to the application servers:
1.
[edit]
user@switch# set interfaces ge-0/0/0 unit 0 family inet address 10.1.0.1/24
user@switch# set interfaces ge-0/0/3 unit 0 family inet address 10.1.3.1/24
Create a firewall filter that matches the correct source address:
2.
[edit]
user@switch# set firewall family inet filter fil term t1 from source-address 1.1.1.1/32
user@switch# set firewall family inet filter fil term t1 from protocol tcp
Associate the filter with the source application server's interface:
3.
[edit]
user@switch# set interfaces ge-0/0/0 unit 0 family inet filter input fil
Create a virtual router:
4.
[edit]
user@switch# set routing-instances vrf01 instance-type virtual-router
Associate the interfaces with the virtual router:
5.
[edit]
user@switch# set routing-instances vrf01 interface ge-0/0/1.0
user@switch# set routing-instances vrf01 interface ge-0/0/3.0
Configure the routing information for the virtual routing instance:
6.
[edit]
user@switch# set routing-instances vrf01 routing-options static route 12.34.56.0/24
next-hop 10.1.3.254
Set the filter to forward packets to the virtual router you created:
7.
[edit]
user@switch# set firewall family inet filter fil term t1 then routing-instance vrf01
Check the results of the configuration:
user@switch> show configuration
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
filter {
input fil;
}
address 10.1.0.1/24;
}
}
}
ge-0/0/3 {
unit 0 {
family inet {
address 10.1.3.1/24;
}
Chapter 101: Examples of Firewall Filters Configuration
3059