Ethernet Switching

needs to access some static users to a server ip using firewall filter

‎06-13-2012 01:50 AM

Folks,

 

I have 5 static IPs in the user VLAN (200), and these static IPs should have access to both the internet and a particular VLAN, 201, which also has a static IP. I have configured a firewall filter as shown below and applied it inside on VLAN 200. After this, I don't see the restriction on other VLAN 200 users (the DHCP ones) accessing VLAN 201.

Could you please advise on the below script?

 

set interfaces vlan unit 201 family inet filter input Only-Vlan201

set firewall family inet filter Only-Vlan201 term T1 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T1 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T1 then accept

set firewall family inet filter Only-Vlan201 term T2 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T2 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T2 then accept

set firewall family inet filter Only-Vlan201 term T3 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T3 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T3 then accept

set firewall family inet filter Only-Vlan201 term T4 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T4 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T4 then accept

set firewall family inet filter Only-Vlan201 term T5 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T5 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T5 then accept

set firewall family inet filter Only-Vlan201 term T6 from source-address 192.168.200.x/32
set firewall family inet filter Only-Vlan201 term T6 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T6 then accept

set firewall family inet filter Only-Vlan201 term T7 from source-address 192.168.5.x/32
set firewall family inet filter Only-Vlan201 term T7 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T7 then accept

set firewall family inet filter Only-Vlan201 term T8 from source-address 192.168.5.x/32
set firewall family inet filter Only-Vlan201 term T8 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T8 then accept

set firewall family inet filter Only-Vlan201 term T9 from destination-address 192.168.201.x/32
set firewall family inet filter Only-Vlan201 term T9 then deny

set firewall family inet filter Only-Vlan201 term default then accept

 

Regards,
SID

1 REPLY

Re: needs to access some static users to a server ip using firewall filter

‎06-13-2012 04:27 AM
I believe your T9 term should have destination address of 192.168.201.0/24.
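
The difference between a /32 and a /24 destination in T9, as an added example that is not part of the original thread: a small Python model of ordered, first-match term evaluation. The host addresses are constructed (the post elides them as "x"), only two of the accept terms are modelled, and the model ignores which interface and direction the filter is attached to.

```python
import ipaddress

def term(name, action, src=None, dst=None):
    """One filter term; a missing src or dst matches any address."""
    net = lambda p: ipaddress.ip_network(p) if p else None
    return {"name": name, "src": net(src), "dst": net(dst), "action": action}

def evaluate(terms, src, dst):
    """Return (term name, action) of the first term that matches the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in terms:
        if t["src"] is not None and s not in t["src"]:
            continue
        if t["dst"] is not None and d not in t["dst"]:
            continue
        return t["name"], t["action"]
    return "implicit", "deny"  # no term matched

# Constructed sample addresses, not taken from the post.
SERVER = "192.168.201.10"
ALLOWED = ["192.168.200.11", "192.168.200.12"]

def build(t9_dst):
    """Accept terms for the static users, then T9, then the catch-all accept."""
    terms = [term(f"T{i}", "accept", src=f"{a}/32", dst=f"{SERVER}/32")
             for i, a in enumerate(ALLOWED, 1)]
    terms.append(term("T9", "deny", dst=t9_dst))
    terms.append(term("default", "accept"))
    return terms

def report(terms):
    """Evaluate four constructed packets against the term list."""
    packets = [
        ("192.168.200.11", SERVER),            # static user to the server
        ("192.168.200.50", SERVER),            # DHCP user to the server
        ("192.168.200.50", "192.168.201.20"),  # DHCP user to another VLAN 201 host
        ("192.168.200.50", "198.51.100.7"),    # DHCP user to an outside address
    ]
    return [evaluate(terms, s, d) for s, d in packets]

if __name__ == "__main__":
    for label, dst in (("T9 /32", f"{SERVER}/32"), ("T9 /24", "192.168.201.0/24")):
        print(label, report(build(dst)))
```

With the /32 destination, the DHCP user's packet to the second VLAN 201 host falls through T9 to the default accept term; with 192.168.201.0/24 it stops at T9.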