Yup, we can do selective packet mode using firewall filters.

It's normally applied in the input direction; however, note, it needs to be
on all interfaces where we will see packets that we don't want to send to
the flow module, i.e. the reply packets as well.

As for a script, sadly I don't have one; however, if you do get one, I would
like to have a copy.  :)

On 9 August 2012 15:13, Phil Mayers <p.may...@imperial.ac.uk> wrote:

> All,
>
> On the J-series and branch SRX, if you want to use selective packet mode
> (because you want to do IPSec at the same time as MPLS, for example) then,
> as I understand it, you need to exclude traffic *to* the box itself from
> packet mode.
>
> Is this correct?
>
> Does anyone have a handy op-script that will build a prefix list of all
> local IPs, to help with automating this?
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
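
An added example, not part of the thread or anyone's op-script: an offline Python sketch that builds the prefix list of local IPv4 addresses asked about above and a filter that leaves traffic to the box in flow mode while sending everything else to packet mode. The prefix-list, filter and term names, the sample configuration and the choice to skip `lo0` when attaching the filter are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: lines as printed by "show configuration | display set".
SAMPLE_CONFIG = """\
set interfaces ge-0/0/0 unit 0 family inet address 192.0.2.1/30
set interfaces ge-0/0/1 unit 0 family mpls
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24
set interfaces ge-0/0/1 unit 0 family inet address 198.51.100.1/24 primary
set interfaces lo0 unit 0 family inet address 10.255.0.1/32
set interfaces lo0 unit 0 family inet6 address 2001:db8::1/128
"""

ADDR_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet address (\S+)")


def local_addresses(config_text):
    """Return (sorted local IPv4 host addresses, sorted (interface, unit) pairs)."""
    hosts, units = set(), set()
    for line in config_text.splitlines():
        m = ADDR_RE.match(line.strip())
        if not m:
            continue  # not an IPv4 address line (mpls, inet6, ...)
        ifd, unit, addr = m.groups()
        try:
            hosts.add(ipaddress.IPv4Interface(addr).ip)  # keep the host address only
        except ValueError:
            continue  # malformed address: skip rather than emit a bad prefix
        units.add((ifd, int(unit)))
    return sorted(hosts), sorted(units)


def build_commands(config_text, plist="local-addrs", flt="selective-packet-mode"):
    """Emit set commands; plist and flt are hypothetical names."""
    hosts, units = local_addresses(config_text)
    term = f"set firewall family inet filter {flt} term"
    cmds = [f"set policy-options prefix-list {plist} {h}/32" for h in hosts]
    cmds += [
        # Traffic addressed to the box itself is accepted first: stays in flow mode.
        f"{term} to-self from destination-prefix-list {plist}",
        f"{term} to-self then accept",
        # Everything else bypasses the flow module.
        f"{term} transit then packet-mode",
        f"{term} transit then accept",
    ]
    # Input direction on every non-loopback unit, so reply packets hit it too.
    cmds += [f"set interfaces {i} unit {u} family inet filter input {flt}"
             for i, u in units if not i.startswith("lo")]
    return cmds


if __name__ == "__main__":
    print("\n".join(build_commands(SAMPLE_CONFIG)))
```

Review the generated commands before loading them; the script only reads text and never touches a device.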
