Regular Visitor
infiniti_wins
Posts: 7
Registered: ‎02-19-2011

needs to access some static users to a server ip using firewall filter

Folks,

I have 5 static IPs in the user VLAN (200), and these static IPs should have access to both the internet and a particular VLAN 201, which also has a static IP. I have configured a firewall filter as shown below and applied it inside on VLAN 200. After this, I don't see the restriction from other VLAN 200 users (DHCP ones) on accessing VLAN 201.

Could you please advise on the script below?

set interfaces vlan unit 201 family inet filter input Only-Vlan201

set firewall family inet filter Only-Vlan201 term T1 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T1 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T1 then accept

set firewall family inet filter Only-Vlan201 term T2 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T2 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T2 then accept

set firewall family inet filter Only-Vlan201 term T3 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T3 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T3 then accept

set firewall family inet filter Only-Vlan201 term T4 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T4 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T4 then accept

set firewall family inet filter Only-Vlan201 term T5 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T5 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T5 then accept

set firewall family inet filter Only-Vlan201 term T6 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T6 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T6 then accept

set firewall family inet filter Only-Vlan201 term T7 from source-address 192.168.5.x/32
set firewall family inet filter Only-Vlan201 term T7 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T7 then accept

set firewall family inet filter Only-Vlan201 term T8 from source-address 192.168.5.x/32
set firewall family inet filter Only-Vlan201 term T8 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T8 then accept

set firewall family inet filter Only-Vlan201 term T9 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T9 then deny

set firewall family inet filter Only-Vlan201 term default then accept

Regards,
SID

Super Contributor
nikolay.semov
Posts: 170
Registered: ‎03-15-2012

Re: needs to access some static users to a server ip using firewall filter

I believe your T9 term should have destination address of 192.168.201.0/24.
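
Added example, not part of either post and not Juniper code: a small Python model of ordered, first-match term evaluation, comparing the posted T9 destination (a /32) with the suggested 192.168.201.0/24. All host addresses are constructed, the T9 /32 is assumed to be the server's address, and the model covers only term order and address matching, not the interface or direction the filter is applied to.

```python
import ipaddress

# Constructed sample addresses (the posts elide the real ones as "x").
STATIC_USERS = ["192.168.200.10", "192.168.200.11"]  # allowed static hosts
SERVER = "192.168.201.10"       # the one VLAN 201 host they may reach
DHCP_USER = "192.168.200.50"    # ordinary VLAN 200 client
OTHER_HOST = "192.168.201.20"   # some other VLAN 201 host


def build_filter(allowed_sources, server, t9_destination):
    """Ordered term list shaped like the posted Only-Vlan201 filter."""
    terms = [
        (f"T{i}", f"{src}/32", f"{server}/32", "accept")
        for i, src in enumerate(allowed_sources, start=1)
    ]
    terms.append(("T9", None, t9_destination, "deny"))  # action name as posted
    terms.append(("default", None, None, "accept"))
    return terms


def evaluate(terms, src, dst):
    """Return (term, action) of the first term whose conditions all match."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_net, dst_net, action in terms:
        if src_net and src_ip not in ipaddress.ip_network(src_net):
            continue
        if dst_net and dst_ip not in ipaddress.ip_network(dst_net):
            continue
        return name, action
    return "implicit", "deny"  # nothing matched: traffic is dropped


AS_POSTED = build_filter(STATIC_USERS, SERVER, f"{SERVER}/32")
SUGGESTED = build_filter(STATIC_USERS, SERVER, "192.168.201.0/24")

if __name__ == "__main__":
    flows = [(STATIC_USERS[0], SERVER), (DHCP_USER, SERVER),
             (DHCP_USER, OTHER_HOST), (DHCP_USER, "203.0.113.5")]
    for src, dst in flows:
        print(f"{src} -> {dst}: posted={evaluate(AS_POSTED, src, dst)} "
              f"suggested={evaluate(SUGGESTED, src, dst)}")
```

With the /32 in T9, the DHCP client's traffic to any VLAN 201 address other than that one host falls through to the default accept term; with the /24 it stops at T9, while non-VLAN-201 destinations still reach the default term.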
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.