Hi,
I've tried a few different approaches to get our filter working, but I'm running into a wall. Our loopback approach on the SRX works without issues, but I was told it's not recommended to use the loopback on the EX since there were a few limitations. Does anyone have an example for the EX? We're running 10.0x and simply trying to lock down SSH/HTTPS access. Here is what I currently have. Thank you.
filter v156 {
    term 1 {
        from {
            source-prefix-list {
                mgt-vlans;
            }
            destination-prefix-list {
                mgt-ips;
            }
            protocol tcp;
            destination-port [ ssh https ];
        }
        then {
            log;
            accept;
        }
    }
    term 2 {
        from {
            source-address {
                10.0.0.0/8;
            }
            destination-prefix-list {
                mgt-ips;
            }
            protocol tcp;
            destination-port [ ssh https ];
        }
        then {
            log;
            discard;
        }
    }
    term 3 {
        then accept;
    }
}

policy-options {
    prefix-list mgt-vlans {
        10.100.1.0/24;
        10.108.1.0/24;
        10.108.152.0/24;
        10.109.48.0/24;
    }
    prefix-list mgt-ips {
        10.108.156.1/32;
        10.108.156.2/32;
    }
}

unit 0 {
    family inet;
}
unit 156 {
    family inet {
        filter {
            input v156;
        }
        address 10.108.156.2/24 {
            vrrp-group 0 {
                virtual-address 10.108.156.1;
                priority 110;
                accept-data;
            }
        }
    }
}
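
The filter as posted, modeled as a first-match evaluator so its effect on a given packet can be checked offline. This is an added example, not part of the original post: the sample packets are constructed, and the model covers only the match conditions of `v156`, not which interface the traffic arrives on.

```python
import ipaddress

# Prefix lists copied from the posted policy-options.
MGT_VLANS = ["10.100.1.0/24", "10.108.1.0/24", "10.108.152.0/24", "10.109.48.0/24"]
MGT_IPS = ["10.108.156.1/32", "10.108.156.2/32"]
SSH, HTTPS = 22, 443

# One tuple per term of filter v156:
# (name, source prefixes, destination prefixes, protocol, ports, action).
# None means the term has no condition of that type, so anything matches.
TERMS = [
    ("1", MGT_VLANS, MGT_IPS, "tcp", {SSH, HTTPS}, "accept"),
    ("2", ["10.0.0.0/8"], MGT_IPS, "tcp", {SSH, HTTPS}, "discard"),
    ("3", None, None, None, None, "accept"),
]

def _in_any(addr, prefixes):
    """True if addr falls inside any listed prefix (values of one condition are ORed)."""
    if prefixes is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)

def evaluate(src, dst, proto, dport):
    """Return (term, action) for the first term whose conditions all match (ANDed)."""
    for name, srcs, dsts, term_proto, ports, action in TERMS:
        if (_in_any(src, srcs) and _in_any(dst, dsts)
                and term_proto in (None, proto)
                and (ports is None or dport in ports)):
            return name, action
    return None, "discard"  # implicit discard when no term matches

if __name__ == "__main__":
    # Constructed sample packets: (source, destination, protocol, destination port).
    samples = [
        ("10.100.1.25", "10.108.156.1", "tcp", SSH),    # management VLAN source
        ("10.50.0.9", "10.108.156.2", "tcp", HTTPS),    # other 10/8 source
        ("192.168.1.5", "10.108.156.1", "tcp", SSH),    # source outside 10/8
        ("10.50.0.9", "10.108.156.2", "tcp", 80),       # port not named in terms 1-2
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
```

The third sample shows that term 2 only discards sources inside 10.0.0.0/8, so an SSH or HTTPS packet to `mgt-ips` from any other source reaches term 3 and is accepted.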