Excellent options from everyone. I had thought of this before but I
simply was upset about the absence of an except term for the
firewall. Instead I simply used different terms for accepting packets
and policy routed packets.
On Mar 23, 2009, at 5:09 PM, Truman Boyes wrote:
Hi,
A simp
Hi,
A simple example for FBF would look like this:
l...@cs-m10i> show configuration groups tdb-fbf logical-routers
manhattan routing-instances
manhattan-alternate {
instance-type forwarding;
}
l...@cs-m10i> show configuration groups tdb-fbf logical-routers
manhattan routing-options
in
Hi,
Sorry, but I am not familiar with EX CLI. I presumed it would be same as
any other M/T/MX CLI. Please feel free to check with JTAC on this.
However, I still think you can achieve what you want using policy based
routing. In ingress filter (Layer3) on your LAN interface will forward
all
Or this can be a good opportunity for the EX or proxy to send back an
icmp redirect (sometimes they are useful)
back to the hosts in order to find the correct gateway for a given
destination. my suggestion is having the proxy
be the gateway and provide the proxy with a next hop of the EX for
inter
I wish it were. This is all traffic except for local traffic. Any
explanation for why the ex4200 doesn't have the except keyword?
On Mar 20, 2009, at 6:55 PM, Nilesh Khambal wrote:
Are using proxy just for http and https? Is so, then can you be
specific in the filters with protocol and por
Are using proxy just for http and https? Is so, then can you be specific
in the filters with protocol and ports. You can add a default accept at
the end of the filter to accept all other traffic that does not match
http or https. Traffic accepted by default accept will get routed using
inet.0 r
That would be great, and I thought of it just after I sent the email.
There's one big thing I'm missing though... except.
From an m7:
Possible completions:
<[Enter]>Execute this command
except Match address not in this prefix
From an ex4200:
<[Enter]>
Can you try policy based routing using input firewall filter on EX? This
was you can redirect the traffic to another forwarding-instance where
your proxy resides. You will also have to take care of reverse routing
from the proxy forwarding instance back to inet.0 on EX so that return
traffic ca
8 matches
Mail list logo