Routing

last person joined: 3 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.

  • 1.  Firewall Filter on M10i

    Posted 11-09-2014 20:02

    router> show configuration firewall
    familyinet {
    filter demo {
    term example {
    from {
    source-address {
    100.100.100.0/24;
    }
    destination-address {
    200.200.200.0/24;
    }
    }
    then {
    reject;
    }
    }
    term testing {
    from {
    source-address {
    10.10.10.0/28;
    }
    destination-address {
    200.200.200.0/24;
    }

    }
    then sample;
    }
    term results {
    from {
    address {
    200.200.200.0/24;
    }
    }
    then accept;
    }
    term final {
    thenpolicer LAPD;
    }
    }
    }

     

    what will happen to traffic from source 10.10.10.25
    destined to 200.200.200.1?

     

    Will it be rejected dropped or permitted?



  • 2.  RE: Firewall Filter on M10i
    Best Answer

     
    Posted 11-10-2014 03:06

    This src/dst pair will match the last term which has a nonterminating action and by default it has an accept action.

     

     

     

    =====

    If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.



  • 3.  RE: Firewall Filter on M10i

    Posted 11-12-2014 23:23

    sampling is used to sample IP traffic based on particular input interfaces and various fields in the packet header. In this case it will revert to the previous action set.