Navigation
Supported Platforms
Related Documentation
- QFabric System, QFX Series standalone switches
- Overview of Firewall Filters
- Understanding How Firewall Filters Control Packet Flows
- Configuring Firewall Filters
Understanding Firewall Filter Processing Points for Bridged and Routed Packets
You apply firewall filters at multiple processing points in the forwarding path. At each processing point, the action to be taken on a packet is determined by the configuration of the filter and the results of the lookup in the forwarding or routing table.
For both bridged (Layer 2) unicast packets and routed (Layer 3) unicast packets, firewall filters are applied in the prescribed order shown below (assuming that each filter is present and a packet is accepted by each one).
Bridged packets:
- Ingress port filter
- Ingress VLAN filter
- Egress VLAN filter
- Egress port filter
Routed packets:
- Ingress port firewall filter
- Ingress VLAN firewall filter (Layer 2 CoS)
- Ingress router firewall filter (Layer 3 CoS)
- Egress router firewall filter
- Egress VLAN firewall filter
- Egress port filter
 | Note: MAC learning occurs before filters are applied, so switcheslearn the MAC addresses of packets that are dropped by ingress filters. |
Related Documentation
- QFabric System, QFX Series standalone switches
- Overview of Firewall Filters
- Understanding How Firewall Filters Control Packet Flows
- Configuring Firewall Filters
Published: 2014-07-23
Supported Platforms
Related Documentation
- QFabric System, QFX Series standalone switches
- Overview of Firewall Filters
- Understanding How Firewall Filters Control Packet Flows
- Configuring Firewall Filters
