Example: Configuring an Outbound Traffic Filter

Firewall filters for outbound traffic direct the traffic through the desired IPsec tunnel and ensure that the tunneled traffic goes out the appropriate interface (see IPsec Tunnel Traffic Configuration Overview). Here, an outbound firewall filter is created on security Gateway A; it identifies the traffic to be encrypted and adds it to the input side of the interface that carries the internal VPN traffic:

    [edit firewall]
    filter ipsec-encrypt-policy-filter {
        term term1 {
            from {
                source-address { # local network
                    10.1.1.0/24;
                }
                destination-address { # remote network
                    10.2.2.0/24;
                }
            }
            then ipsec-sa manual-sa1; # apply SA name to packet
        }
        term default {
            then accept;
        }
    }

Note: The source address, port, and protocol on the outbound traffic filter must match the destination address, port, and protocol on the inbound traffic filter. The destination address, port, and protocol on the outbound traffic filter must match the source address, port, and protocol on the inbound traffic filter.
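
A check for the address half of the note above, as an added example that is not part of the original page: it parses an outbound and an inbound filter stanza and reports outbound terms whose source and destination prefixes are not mirrored by any inbound term. The inbound filter name `ipsec-decrypt-policy-filter`, its terms, and the function names are assumptions; only IPv4 prefixes are handled, and ports and protocols are not compared because the filter shown here matches on addresses only.

```python
import re
from ipaddress import ip_network

# Constructed samples. OUTBOUND repeats the page's filter; the inbound filter
# name and its terms are assumptions made for this example.
OUTBOUND = """
filter ipsec-encrypt-policy-filter {
    term term1 {
        from {
            source-address { 10.1.1.0/24; }       # local network
            destination-address { 10.2.2.0/24; }  # remote network
        }
        then ipsec-sa manual-sa1;
    }
    term default { then accept; }
}
"""
INBOUND_OK = """
filter ipsec-decrypt-policy-filter {
    term term1 {
        from {
            source-address { 10.2.2.0/24; }
            destination-address { 10.1.1.0/24; }
        }
        then accept;
    }
}
"""
# Constructed mistake: the inbound destination is wider than the outbound source.
INBOUND_BAD = INBOUND_OK.replace("10.1.1.0/24", "10.1.0.0/16")

def selectors(filter_text):
    """Map term name -> (source prefixes, destination prefixes)."""
    text = re.sub(r"#.*", "", filter_text)  # strip Junos comments
    parts = re.split(r"\bterm\s+(\S+)\s*\{", text)[1:]
    found = {}
    for name, body in zip(parts[0::2], parts[1::2]):
        def nets(kind):
            m = re.search(kind + r"\s*\{([^}]*)\}", body)
            return frozenset(ip_network(p) for p in re.findall(r"[\d.]+/\d+", m.group(1) if m else ""))
        src, dst = nets("source-address"), nets("destination-address")
        if src or dst:  # terms without address matches (e.g. default) are skipped
            found[name] = (src, dst)
    return found

def unmirrored(outbound, inbound):
    """Outbound terms with no inbound term whose (src, dst) equals (dst, src)."""
    inbound_pairs = set(selectors(inbound).values())
    return [n for n, (src, dst) in selectors(outbound).items() if (dst, src) not in inbound_pairs]
```

`unmirrored(OUTBOUND, INBOUND_OK)` returns an empty list, while `unmirrored(OUTBOUND, INBOUND_BAD)` names `term1` as the term to fix.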

Published: 2012-07-03