You can probably achieve that using apply-path. This book has several good examples:
http://www.juniper.net/us/en/community/junos/training-certification/day-one/fundamentals-series/securing-routing-engine/ :w On Thu, Aug 9, 2012 at 7:37 AM, Mark Menzies <m...@deimark.net> wrote: > Yup, we can do selective packet mode using firewall filters. > > Its normally applied in the input direction however, note, it needs to be > on all interfaces where we will see packets that we dont want to send to > the flow module, ie the reply packets as well > > As for a script, sadly dont have one, however if you do get one, I would > like to have a copy. :) > > On 9 August 2012 15:13, Phil Mayers <p.may...@imperial.ac.uk> wrote: > >> All, >> >> On the J-series and branch SRX, if you want to use selective packet mode >> (because you want to do IPSec at the same time as MPLS, for example) then, >> as I understand it, you need to exclude traffic *to* the box itself from >> packet mode. >> >> Is this correct? >> >> Does anyone have a handy op-script that will build a prefix list of all >> local IPs, to help with automating this? >> ______________________________**_________________ >> juniper-nsp mailing list juniper-nsp@puck.nether.net >> https://puck.nether.net/**mailman/listinfo/juniper-nsp<https://puck.nether.net/mailman/listinfo/juniper-nsp> >> > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp