QFX: How to create firewall filters

Published by blogger on

Firewall filters have been explained in many official Juniper documents. Here, however, we explain the filters and the easiest way to create your own firewall filters to secure communication between multiple VLANs within a QFX5100 Virtual Chassis environment.

You can create egress and ingress firewall filters. Depending on your requirements, you can create the filter as a Layer 2 packet filter or a Layer 3 packet filter.

Let's say you would like to block SSH to a destination (an irb interface).

In the tutorial above, we used a /23 subnet as the source address and another /23 subnet as the destination address. However, you can set a single address or multiple addresses as the source, depending on your use case.

Please note that the rules are processed sequentially, so you need to create your rules carefully so that they do not conflict with each other.

Finally, apply your filter on the respective irb interface.

set interfaces irb unit 1 family inet filter input terminal_access

This will bring the firewall rules into effect.

If you wish to monitor the traffic that is being processed, you can run monitor traffic to see the traffic flow.

monitor traffic interface irb.1
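The following is an added, complete example of the filter the post describes, not the post's own configuration. It uses the filter name terminal_access and the irb unit 1 interface from the post; the two /23 subnets (10.0.0.0/23 as the source, 10.0.2.0/23 as the destination) are constructed sample values, and the term and counter names (block-ssh, allow-rest, ssh-blocked) are chosen for this example. Lines beginning with # are annotations for the reader, not part of the configuration.

```junos
# Added example: deny SSH from one /23 to another /23 on irb.1 and accept everything else.
# 10.0.0.0/23 and 10.0.2.0/23 are constructed sample subnets; replace them with your own.
set firewall family inet filter terminal_access term block-ssh from source-address 10.0.0.0/23
set firewall family inet filter terminal_access term block-ssh from destination-address 10.0.2.0/23
set firewall family inet filter terminal_access term block-ssh from protocol tcp
set firewall family inet filter terminal_access term block-ssh from destination-port 22
set firewall family inet filter terminal_access term block-ssh then count ssh-blocked
set firewall family inet filter terminal_access term block-ssh then log
set firewall family inet filter terminal_access term block-ssh then discard

# Terms are evaluated top to bottom and every filter ends with an implicit discard,
# so a final accept term is required; without it all other traffic on irb.1 is dropped.
set firewall family inet filter terminal_access term allow-rest then accept

# Apply the filter to inbound traffic on the irb interface (the same command as in the post).
set interfaces irb unit 1 family inet filter input terminal_access

# Commit with an automatic rollback after 5 minutes in case the filter locks you out,
# then confirm the commit once you have verified that management access still works.
commit confirmed 5
commit

# Verify: the ssh-blocked counter increments for each discarded SSH packet,
# and the firewall log shows the most recent matching packets.
show firewall filter terminal_access
show firewall log
```

The order of the terms is what enforces the policy: if allow-rest were placed first, it would accept every packet and block-ssh would never match. Use the counter rather than monitor traffic to confirm that the filter is hitting, because monitor traffic shows packets sent to or from the Routing Engine and does not capture transit traffic that the switch forwards in hardware.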