
Chapter 1: Policy and Firewall Filters Introduction

TIP Still confused about what a firewall filter is? Maybe it would be helpful
if you referred to it by a common industry name – access control list
(ACL).

Don’t be confused by the word “firewall” here. Traditionally you
might think of a firewall as being a specialized networking appliance
that keeps track of flows and blocks unwanted traffic from entering
the network. This assumes that a firewall is stateful, but there are
many types of firewalls and the Junos firewall filter is a stateless packet
filter, and it is not limited to just discarding packets. Packet
classification, counting, sampling, rate limiting, and logging are other
capabilities of a Junos firewall filter.

Quick Comparison of Policy and Firewall Filters


So policies and firewall filters are very similar in syntax, even though
they have different purposes in Junos operation. Policy is used to
control routing information, which indirectly influences packet flow
through the router or switch. Firewall filters affect packet flow directly
by taking action on individual packets as they traverse the router or
switch.

NOTE In Junos, firewall filters are technically policies, which is why they are
presented concurrently in this book as well as in Juniper Networks
Technical Documentation. This book, however, tries to avoid
mentioning the word “policy” when discussing firewall filters in order to
minimize confusion.

Even though policy and firewall filters are contained under different
configuration stanzas in Junos, the configuration architecture is the
same. It’s the purpose and implementation differences that separate
them. The primary building block of both policy and firewall filters is
the “term.” Functions are grouped into terms and it is those terms that
are evaluated, in sequential order, to determine the outcome of the
policy. Terms contain the match conditions as well as the associated
actions if the match conditions are met.
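
The shared term layout described above, shown in both stanzas. This is an added example, not configuration from the book; the filter, policy, term and counter names and the 192.0.2.0/24 prefix are constructed placeholders.

```junos
/* Constructed example: all names and prefixes are placeholders. */
firewall {
    family inet {
        filter EXAMPLE-MGMT-IN {
            /* Terms are evaluated in the order listed. */
            term allow-ssh-from-mgmt {
                from {
                    source-address {
                        192.0.2.0/24;
                    }
                    protocol tcp;
                    destination-port ssh;
                }
                then {
                    count ssh-accepted;
                    accept;
                }
            }
            /* Stateless: replies are matched on TCP flags, not on a tracked flow. */
            term allow-tcp-replies {
                from {
                    protocol tcp;
                    tcp-established;
                }
                then accept;
            }
            /* No "from": matches every packet that reaches this term. */
            term count-and-drop {
                then {
                    count dropped;
                    log;
                    discard;
                }
            }
        }
    }
}
policy-options {
    policy-statement EXAMPLE-EXPORT {
        /* Same term / from / then layout, but it acts on routes, not packets. */
        term customer-statics {
            from protocol static;
            then accept;
        }
        term reject-rest {
            then reject;
        }
    }
}
```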

MORE? If you need a more comprehensive comparison of policy and firewall
filters, then check out Comparison of Routing Policies and Firewall
Filters, at
http://www.juniper.net/techpubs/en_US/junos10.4/topics/reference/general/policy-routing-policies-firewall-filters-comparison.html.
