
Firewall Filter Lab

In this lab we are going to create a firewall filter that limits SSH access to SRX1 to a single trusted subnet. We need to specify that SSH traffic from any other source will be discarded, and we need to apply the filter to the management interface, which is the loopback (lo0). Because the filter is applied as an input filter on lo0 it governs all traffic destined to the device itself, so the final accept-all-other term is what keeps non-SSH management traffic reachable; only SSH from outside 192.168.1.0/24 is dropped.
root@SRX1> edit
Entering configuration mode
[edit]
root@SRX1# edit firewall
[edit firewall]
root@SRX1# edit filter allow-ssh
[edit firewall filter allow-ssh]
root@SRX1# edit term allow-ssh-from
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set from source-address 192.168.1.0/24
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set from protocol tcp
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set from destination-port 22
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# set then accept
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# show
[edit firewall filter allow-ssh term allow-ssh-from]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# edit term untrusted-ssh-deny
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# set from protocol tcp destination-port ssh
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# set then discard
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# show
[edit firewall filter allow-ssh term untrusted-ssh-deny]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# edit term accept-all-other
[edit firewall filter allow-ssh term accept-all-other]
root@SRX1# set then accept
[edit firewall filter allow-ssh term accept-all-other]
root@SRX1# up
[edit firewall filter allow-ssh]
root@SRX1# show
term allow-ssh-from {
    from {
        source-address {
            192.168.1.0/24;
        }
        protocol tcp;
        destination-port ssh;
    }
    then accept;
}
term untrusted-ssh-deny {
    from {
        protocol tcp;
        destination-port ssh;
    }
    then {
        discard;
    }
}
term accept-all-other {
    then accept;
}
[edit firewall filter ssh-allow]
juniper@br# top edit interfaces
[edit interfaces]
juniper@br# edit lo0
[edit interfaces lo0]
juniper@br# set unit 0 family inet filter input allow-ssh
[edit interfaces lo0]
juniper@br# show
[edit interfaces lo0]
juniper@br# commit and-quit
