Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation

Supported Platforms

 

Related Documentation

 

References from a Firewall Filter in a Logical System to Subordinate Objects

This topic covers the following information:

Resolution of References from a Firewall Filter to Subordinate Objects

If a firewall filter defined in a logical system references a subordinate object (for example, a policer or prefix list), that subordinate object must be defined within the firewall stanza of the same logical system. For example, if a firewall filter configuration references a policer, the firewall filter and the policer must be configured under the same [edit logical-systems logical-system-name firewall] hierarchy level.

This rule applies even if the same policer is configured under the main firewall configuration or if the same policer is configured as part of a firewall in another logical system.

Valid Reference from a Firewall Filter to a Subordinate Object

In this example, the firewall filter filter1 references the policer pol1. Both filter1 and pol1 are defined under the same firewall object. This configuration is valid. If pol1 had been defined under another firewall object, the configuration would not be valid.

[edit]
logical systems {ls-A {firewall {policer pol1 {if-exceeding {bandwidth-limit 401k;burst-size-limit 50k;}then discard;}filter filter1 {term one {from {source-address 12.1.0.0/16;}then {reject host-unknown;}}term two {from {source-address 12.2.0.0/16;}then policer pol1;}}}}}
 

Related Documentation

 

Published: 2013-04-10

Supported Platforms

 

Related Documentation

 

Published: 2013-04-10

Previous Page Next Page