Hi all, I've tried to find a solution by myself but unsuccessfully. I'm not so good at network management. I hope to find some answers here 🙂
Topology: Juniper EX4200. I have users (production team) that are connected to the Juniper's ports, and users (managers) that are connected to a cheap 1GB switch which is connected to the Juniper. And a server that is connected to the Juniper.
Goal: The server has to be accessible to all users. But I want to avoid traffic collision between managers and the production team. I mean they shouldn't have access to each other.
I've tried to create a firewall filter that discards all packets not destined to the server. I assigned this filter to the port the managers are connected to. I've tried to use the destination address as the criterion to discard all useless packets. But it doesn't work.
filter PublicServer {
    term t1 {
        from {
            destination-address {
                1.1.1.1/32;
                192.168.0.100/32 except;
            }
        }
        then discard;
    }
    term t2 {
        then accept;
    }
}
Also I'm not sure about the approach. Should I use a firewall filter, filter-based forwarding, separate VLANs with routing configured between the VLANs, or something else?
Any help will be appreciated. Many thanks.
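For comparison, an added example (not from the original post) of how a port filter on the EX4200 that only lets the manager uplink reach the server is usually written: the term that matches the server accepts, the final term discards. It assumes the server is 192.168.0.100 (the address from the post) and that the manager switch hangs off ge-0/0/20, which is a made-up port.

```junos
firewall {
    family ethernet-switching {
        filter managers-to-server-only {
            /* Non-IP frames such as ARP must be accepted explicitly,
               otherwise the managers cannot resolve the server's MAC
               address and nothing works. */
            term allow-arp {
                from {
                    ether-type arp;
                }
                then accept;
            }
            /* Only IP traffic whose destination is the server is allowed.
               192.168.0.100 is taken from the post; adjust if different. */
            term allow-server {
                from {
                    destination-address {
                        192.168.0.100/32;
                    }
                }
                then accept;
            }
            /* Everything else entering from the manager switch is dropped
               and counted so the drops can be seen in the filter counters. */
            term deny-rest {
                then {
                    count managers-denied;
                    discard;
                }
            }
        }
    }
}
interfaces {
    /* ge-0/0/20 is an assumed port: the one facing the cheap manager switch */
    ge-0/0/20 {
        unit 0 {
            family ethernet-switching {
                filter {
                    input managers-to-server-only;
                }
            }
        }
    }
}
```

Note that an input filter only inspects frames entering from the manager switch; traffic that originates on the production ports towards the managers is not filtered in this direction, so for full two-way isolation the same filter logic is needed on the production ports too, or the two groups go in separate VLANs with filtering on the routed interface between them.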