
Configuring a Firewall Filter for Packet Capture (Optional)

To configure a firewall filter and apply it to the logical interface:

  1. Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
  2. Perform the configuration tasks described in Table 222.
  3. If you are finished configuring the device, commit the configuration.
  4. To check the configuration, see Verifying Packet Capture.

Table 222: Configuring a Firewall Filter for Packet Capture

Task: Navigate to the Firewall level in the configuration hierarchy.

J-Web Configuration Editor:

  1. In the J-Web interface, select Configuration>View and Edit>Edit Configuration.
  2. Next to Firewall, click Configure or Edit.

CLI Configuration Editor:

From the [edit] hierarchy level, enter

edit firewall

Task: Define a firewall filter dest-all and a filter term (for example, dest-term) to capture packets with a particular destination address (for example, 192.168.1.1/32).

J-Web Configuration Editor:

  1. Next to Filter, click Add new entry.
  2. In the filter name box, type dest-all.
  3. Next to Term, click Add new entry.
  4. In the Rule name box, type dest-term.
  5. Next to From, click Configure.
  6. Next to Destination address, click Add new entry.
  7. In the Address box, type 192.168.1.1/32.
  8. Click OK until you return to the Configuration page.

CLI Configuration Editor:

Set the filter and term name, and define the match condition and its action.

set firewall filter dest-all term dest-term from destination-address 192.168.1.1/32

set firewall filter dest-all term dest-term then sample accept

Task: Navigate to the Interfaces level in the configuration hierarchy.

J-Web Configuration Editor:

In the configuration editor hierarchy, select Interfaces.

CLI Configuration Editor (this task and the next):

Enter

set interfaces fe-0/0/1 unit 0 family inet filter output dest-all

Task: Apply the dest-all filter to all the outgoing packets on the interface (for example, fe-0/0/1.0).

(See the interface naming conventions in the JUNOS Software Interfaces and Routing Configuration Guide.)

J-Web Configuration Editor:

  1. In the Interface name box, click fe-0/0/1.
  2. In the Interface unit number box, click 0.
  3. Next to Inet, select Yes, and click Edit.
  4. Next to Filter, click Configure.
  5. In the Output box, type dest-all.
  6. Click OK until you return to the Interfaces page.

Note: If you apply a firewall filter on the loopback interface, it affects all traffic to and from the Routing Engine. If the firewall filter has a sample action, packets to and from the Routing Engine are sampled. If packet capture is enabled, then packets to and from the Routing Engine are captured in the files created for the input and output interfaces.
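A way to check a configuration for the loopback case described in the note, as an added example that is not part of the original Juniper documentation. It reads set-format configuration text, finds every filter term whose action includes sample, and reports the logical interfaces those filters are applied to, flagging lo0. The sample configuration, the mgmt-only filter and the function names are constructed for illustration.

```python
import re

# Constructed sample in set format. The dest-all lines follow this page;
# the lo0 binding and the mgmt-only filter are added to exercise the check.
SAMPLE_CONFIG = """\
set firewall filter dest-all term dest-term from destination-address 192.168.1.1/32
set firewall filter dest-all term dest-term then sample accept
set firewall filter mgmt-only term ssh from protocol tcp
set firewall filter mgmt-only term ssh then accept
set interfaces fe-0/0/1 unit 0 family inet filter output dest-all
set interfaces lo0 unit 0 family inet filter input dest-all
set interfaces fe-0/0/2 unit 0 family inet filter input mgmt-only
"""

# "then" actions may appear one per line or several on one line, as on this page.
TERM_RE = re.compile(
    r"^set firewall(?: family inet)? filter (\S+) term (\S+) then (.+)$")
BIND_RE = re.compile(
    r"^set interfaces (\S+) unit (\d+) family inet filter (input|output) (\S+)$")


def sampling_filters(config):
    """Map each filter name to the terms whose action list includes 'sample'."""
    found = {}
    for line in config.splitlines():
        m = TERM_RE.match(line.strip())
        if m and "sample" in m.group(3).split():
            found.setdefault(m.group(1), []).append(m.group(2))
    return found


def sampled_bindings(config):
    """List (logical interface, direction, filter, is_loopback) for sampling filters."""
    sampling = sampling_filters(config)
    bindings = []
    for line in config.splitlines():
        m = BIND_RE.match(line.strip())
        if m and m.group(4) in sampling:
            ifname, unit, direction, filt = m.groups()
            bindings.append(
                (f"{ifname}.{unit}", direction, filt, ifname.startswith("lo0")))
    return bindings


if __name__ == "__main__":
    for logical, direction, filt, is_lo in sampled_bindings(SAMPLE_CONFIG):
        flag = "  <-- samples Routing Engine traffic" if is_lo else ""
        print(f"{logical} {direction} {filt}{flag}")
```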

