I'm not aware of any roadmap features that will do this, as we have an existing
method to do this today. It's easy enough to divert ingress traffic into a
different routing-instance with FBF, then just apply stateful policy to it.
Doug
-Original Message-
From:
The SRX policy actions (count, deny, log, permit, reject) are helpful, but
a little limited. I am wondering if there might be a way to enforce a
special action such as take the ip address of the source packet and inject
it into a routing table of some sort.
What I have in mind is some way to
On 3/17/2011 at 3:04 PM, Clarke Morledge chm...@wm.edu wrote:
The SRX policy actions (count, deny, log, permit, reject) are helpful, but
a little limited. I am wondering if there might be a way to enforce a
special action such as take the ip address of the source packet and inject
it
You can create a firewall filter and using the routing-instance knob.
-Original Message-
From: juniper-nsp-boun...@puck.nether.net
[mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of Clarke Morledge
Sent: Thursday, March 17, 2011 3:05 PM
To: juniper-nsp
Subject: [j-nsp] SRX policy
Have you looked into an inline IPS in front of the SRX to just block
misbehaving host? I've had a lot of success with this.
- Original Message -
From: juniper-nsp-boun...@puck.nether.net juniper-nsp-boun...@puck.nether.net
To: juniper-nsp juniper-nsp@puck.nether.net
Sent: Thu Mar 17
-Original Message-
From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-
boun...@puck.nether.net] On Behalf Of Clarke Morledge
Sent: Thursday, March 17, 2011 6:05 PM
To: juniper-nsp
Subject: [j-nsp] SRX policy action to inject a route in a table??
The SRX policy actions
6 matches
Mail list logo
