Thanks Daniel, this is encouraging... I wonder if I can get the specifics on when that will be available
Aaron -----Original Message----- From: dverl...@gmail.com [mailto:dverl...@gmail.com] On Behalf Of Daniel Verlouw Sent: Friday, April 1, 2016 3:03 PM To: Aaron <aar...@gvtc.com> Cc: juniper-nsp List <juniper-nsp@puck.nether.net> Subject: Re: [j-nsp] ACX5048 - protect remote access (telnet, ssh, http, snmp) Hi, On Fri, Apr 1, 2016 at 9:52 PM, Aaron <aar...@gvtc.com> wrote: > agould@eng-lab-acx5048-1# commit confirmed 1 [edit interfaces lo0 unit > 0 family inet] > 'filter' > Referenced filter 'local_acl' can not be used as default/physical > interface specific with lo0 not supported on ingress loopback > interface > error: configuration check-out failed ACX does not support lo0 filter presently, which sucks. Good news is that it's on the roadmap for sometime this year I believe. No clue why they left it out in the first place... As an alternative, you can apply input filter either to all your L3 interfaces, or use a fwd table filter. E.g. permit trusted src to your infra, deny non-trusted src to your infra, permit everything else for transit. Regards, Daniel. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp