Routing Policies and Firewall Filters
11. JUNOS, Effect of filters on packets.
In Junos, firewall filters have a direct effect on packets as they traverse the network. When a packet enters a Junos device, it is evaluated against each term in the applied firewall filter(s). The filter's match criteria are used to determine whether the packet matches the term, and if so, the actions specified in the term are performed on the packet.
The actions performed on the packet can include accepting the packet, rejecting the packet, counting the packet, logging the packet, or discarding the packet. For example, if a packet matches a term with an accept action, the packet is allowed to pass through the network and continue on its journey. If a packet matches a term with a reject action, the packet is blocked and a notification is sent to the source indicating that the packet was blocked.
The evaluation of the packets against the terms in the firewall filter(s) is performed in the order in which the terms are listed. If a packet matches a term, no further evaluation is performed and the actions specified in that term are performed on the packet. If a packet does not match any of the terms, it is subject to the actions specified in the catch-all term, typically a deny or reject action.
In this way, Junos firewall filters provide a flexible and powerful mechanism for controlling network traffic and enhancing network security. By specifying match criteria and actions, network administrators can create complex processing rules that control the flow of packets through the network and ensure that only desired traffic is allowed.
An example of the effect of filters on packets
Here's an example of how a Junos firewall filter can affect packets in the network:
Suppose a Junos device is configured with the following firewall filter:
filter allow-web-traffic {
    term allow-http {
        from {
            protocol tcp;
            destination-port 80;
        }
        then {
            accept;
        }
    }
    term deny-all {
        then {
            reject;
        }
    }
}
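The filter above, run through a small Python model of first-match term evaluation. This is an added example, not code from the original page or from Junos; the parser, the packet dictionaries and the function names are assumptions made for illustration. It shows that reversing the term order changes the verdict for HTTP, and that a filter with no catch-all term ends in the implicit discard Junos applies by default.

```python
import re

# Filter text exactly as configured on the page.
FILTER_TEXT = """
filter allow-web-traffic {
    term allow-http { from { protocol tcp; destination-port 80; } then { accept; } }
    term deny-all { then { reject; } }
}
"""

def parse_block(tokens):
    """Consume tokens up to the matching '}' and return a nested dict."""
    block, words = {}, []
    while tokens:
        tok = tokens.pop(0)
        if tok == "{":                      # "name { ... }" opens a child block
            block[" ".join(words)] = parse_block(tokens)
            words = []
        elif tok == ";":                    # "key value;" or a bare "accept;"
            block[words[0]] = " ".join(words[1:])
            words = []
        elif tok == "}":
            break
        else:
            words.append(tok)
    return block

def load_terms(text):
    """Return [(term_name, from_conditions, action)] in configured order."""
    tree = parse_block(re.findall(r"[{};]|[^\s{};]+", text))
    (body,) = tree.values()                 # the single filter in the text
    # Simplification: only the first statement under "then" is modelled.
    return [(key.split()[1], term.get("from", {}), next(iter(term["then"])))
            for key, term in body.items()]

def evaluate(terms, packet):
    """First matching term decides; a term without "from" matches everything."""
    for name, conditions, action in terms:
        if all(packet.get(k) == v for k, v in conditions.items()):
            return name, action
    return None, "discard"                  # Junos implicit default: silent discard

# Constructed sample packets (field names mirror the match conditions).
HTTP = {"protocol": "tcp", "destination-port": "80"}
SSH = {"protocol": "tcp", "destination-port": "22"}

if __name__ == "__main__":
    terms = load_terms(FILTER_TEXT)
    print(evaluate(terms, HTTP))            # matched by allow-http
    print(evaluate(terms, SSH))             # falls through to deny-all
    print(evaluate(terms[::-1], HTTP))      # deny-all first shadows allow-http
    print(evaluate(terms[:1], SSH))         # no catch-all term: implicit discard
```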