Hello, has anyone come up against this with the EX4200s? That a firewall filter will only affect a packet traversing a physical interface..

==trunk==>[port A] (RVI A)..(RVI B) [port B]--access-->
                            ^
filter applied here --------|

I was expecting the filter on 'input' on RVI B to block traffic, but it only works entirely when you filter on its 'output'. Else the host behind [port B] gets the SYN, SYNACKs back, and /then/ it is blocked by the ethernet-switching or inet filter.

The docs don't mention this, except they never give an example of filtering on an RVI, just physical routed interfaces. But they DO say you can do it.. page 1368 of the "Software Guide for EX Series Ethernet Switches, Release 10.0".

What gives?

(I have a case open with JTAC but it's hopeless trying to convince them to grasp and replicate, so far)

C.
--
020 7729 4797
http://blog.playlouder.com/