Applying the Filter or Service Set to the Interface Receiving Traffic to Be Secured
For the ES PIC, apply your firewall filter on the input interface receiving the traffic that you wish to send to the IPSec tunnel. To do this, include the filter statement at the [edit interfaces interface-name unit unit-number family inet] hierarchy level.
For the AS and MultiServices PICs, apply your IPSec-based interface service set to the input interface receiving the traffic that you wish to send to the IPSec tunnel. To do this, include the service-set service-set-name statement at the [edit interfaces interface-name unit unit-number family inet service (input | output)] hierarchy level.
To configure a next-hop-based service set on the AS and MultiServices PICs, include the service-domain statement at the [edit interfaces interface-name unit unit-number] hierarchy level and specify one logical interface on the AS PIC as an inside interface and a second logical interface on the AS PIC as an outside interface.
