SRX Services Gateway

Moving SRX firewall filter rules

‎01-31-2016 10:29 PM

Hello,

 

I would like to know the command for moving firewall filter rules in SRX. I have done it via the GUI, but the GUI is not permitted.

What I am looking for is moving the banned-ip list to the top of term T1 in the below. I can delete term T1, add term banned-ip and then add T1, but I want to know whether some command is available, like the access-list sequence number in Cisco.

 

set firewall family inet filter outbound-nat term T1 from source-address X.X.X.X
set firewall family inet filter outbound-nat term T1 from source-address X.X.X.X
set firewall family inet filter outbound-nat term T1 from destination any
set firewall family inet filter outbound-nat term T1 then accept
set firewall family inet filter outbound-nat term banned-ip from source-address x.x.x.x
set firewall family inet filter outbound-nat term banned-ip from destination-prefix-list banned-ip-inside-to-out
set firewall family inet filter outbound-nat term banned-ip then discard


Re: Moving SRX firewall filter rules

‎01-31-2016 11:12 PM

Hi binoybaby,

You just need to go into edit mode, under the firewall filter configuration:
edit firewall family inet filter outbound-nat

and run:
[edit firewall family inet filter outbound-nat]
root# insert term banned-ip before term T1

and then do a commit.

Shailesh
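Junos evaluates filter terms in configured order and stops at the first term whose terminating action matches, which is why the discard term has to sit above T1. The script below is an added example, not part of the thread: it reads "display set" style lines, flags discard/reject terms that are ordered after an accept term, and models the effect of the `insert` shown in the reply. The sample address and the function names are assumptions, and the check looks at ordering only, not at whether the match conditions actually overlap.

```python
import re

# Constructed sample in "display set" form, mirroring the thread's filter
# (192.0.2.0/24 is a documentation-range placeholder, not from the post).
SAMPLE = """\
set firewall family inet filter outbound-nat term T1 from source-address 192.0.2.0/24
set firewall family inet filter outbound-nat term T1 then accept
set firewall family inet filter outbound-nat term banned-ip from destination-prefix-list banned-ip-inside-to-out
set firewall family inet filter outbound-nat term banned-ip then discard
"""

LINE = re.compile(r"^set firewall family (\S+) filter (\S+) term (\S+) (from|then) (\S+)")
DENY = {"discard", "reject"}


def term_order(config):
    """Return {(family, filter): [(term, action), ...]} in evaluation order."""
    filters = {}
    for raw in config.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        family, name, term, kind, word = m.groups()
        terms = filters.setdefault((family, name), {})
        terms.setdefault(term, None)  # dict preserves first-seen (configured) order
        if kind == "then" and word in (DENY | {"accept"}):
            terms[term] = word
    return {key: list(terms.items()) for key, terms in filters.items()}


def deny_after_accept(config):
    """List (filter, deny_term, earlier_accept_term) ordering findings."""
    findings = []
    for (_, name), terms in term_order(config).items():
        first_accept = None
        for term, action in terms:
            if action == "accept" and first_accept is None:
                first_accept = term
            elif action in DENY and first_accept is not None:
                findings.append((name, term, first_accept))
    return findings


def apply_insert(config, term, before):
    """Model `insert term <term> before term <before>` on set-format text."""
    lines = config.splitlines()
    moved = [l for l in lines if f" term {term} " in l]
    rest = [l for l in lines if f" term {term} " not in l]
    idx = next(i for i, l in enumerate(rest) if f" term {before} " in l)
    return "\n".join(rest[:idx] + moved + rest[idx:]) + "\n"
```

Run `deny_after_accept` on the saved output of `show configuration firewall | display set` before and after the change to confirm the reorder took effect.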