SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  different firewall filter and security policy

    Posted 11-27-2012 20:36

    Hi all,

     

    I want to know, what's the difference between a firewall filter and a security policy?


    Is a firewall filter the same as an ACL on a ci*co product?

     

     

    Thanks

     

    F



  • 2.  RE: different firewall filter and security policy
    Best Answer

    Posted 11-28-2012 02:19

    Hi Feri,

     

    Yes, a firewall filter is the same as the ACL on a Cisco.

     

    In a nutshell:

     

    "Security policies enforce a set of rules for transit traffic, identifying which traffic can pass through the firewall and the actions taken on the traffic as it passes through the firewall."

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16553

     

    "A stateless firewall filter, also known as an access control list (ACL), is a long-standing JUNOS feature used to define stateless packet filtering and quality of service (QoS). A stateless firewall filter statically evaluates packet contents. A stateful firewall filter uses connection state information derived from past communications and other applications to make dynamic control decisions."

     

    http://kb.juniper.net/InfoCenter/index?page=content&id=KB16685

     

     



  • 3.  RE: different firewall filter and security policy

    Posted 11-29-2012 19:38

    Hi,

     

    Thanks for your argument and link.

    When do we use a firewall filter? Is it used only for QoS and routing instances?

    Then, if we want to open/close ports, is it enough to use a security policy?

     

     

    Regards

     

    F

     

     



  • 4.  RE: different firewall filter and security policy

    Posted 11-30-2012 03:51

    You probably won't need to use firewall filters unless you are blocking access to services on the firewall itself or are doing QoS/CoS type stuff that is not policy based.

     

    Policies are between zones and are for traffic transiting the SRX itself and use the flow module rather than being stateless. They are used to open flows between zones (basically allowing port access across a zone to a destination zone). By default this is blocked. So you can open and control port access between the various zones with relative ease.
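
The two cases described in the reply above, side by side, as an added example that is not part of the original posts: a stateless firewall filter on lo0 limiting SSH to the SRX itself, and a security policy opening HTTPS for transit traffic between zones. The filter, term and policy names, the 192.0.2.0/24 management subnet and the trust/untrust zone names are constructed for illustration; it assumes SSH is already enabled as a system service and as host-inbound traffic on the relevant zone.

```junos
# --- Stateless firewall filter: traffic destined to the SRX itself ---
# Each packet is matched against the terms in order; no session state is kept.
# Allow SSH to the device only from the management subnet (constructed address).
set firewall family inet filter PROTECT-RE term ALLOW-MGMT-SSH from source-address 192.0.2.0/24
set firewall family inet filter PROTECT-RE term ALLOW-MGMT-SSH from protocol tcp
set firewall family inet filter PROTECT-RE term ALLOW-MGMT-SSH from destination-port ssh
set firewall family inet filter PROTECT-RE term ALLOW-MGMT-SSH then accept

# Drop SSH to the device from every other source.
set firewall family inet filter PROTECT-RE term DENY-OTHER-SSH from protocol tcp
set firewall family inet filter PROTECT-RE term DENY-OTHER-SSH from destination-port ssh
set firewall family inet filter PROTECT-RE term DENY-OTHER-SSH then discard

# A filter ends with an implicit discard, so everything else the device
# must still receive (routing protocols, ICMP, and so on) has to be accepted explicitly.
set firewall family inet filter PROTECT-RE term ALLOW-REST then accept

# Applying the filter to lo0 makes it cover traffic addressed to the device.
set interfaces lo0 unit 0 family inet filter input PROTECT-RE

# --- Security policy: transit traffic between zones (flow-based, stateful) ---
# Inter-zone traffic is blocked by default; this opens HTTPS from trust to untrust.
# Return packets of a permitted session are matched to that session and need
# no policy of their own in the reverse direction.
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match source-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match destination-address any
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS match application junos-https
set security policies from-zone trust to-zone untrust policy ALLOW-HTTPS then permit
```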



  • 5.  RE: different firewall filter and security policy

    Posted 11-30-2012 09:34

    Thanks for the info.