Protection of Routing Engine

17-Sep-24

The Protection of Routing Engine feature ensures that the Routing Engine accepts traffic only from trusted systems. Enabling it creates a stateless firewall filter that discards all traffic destined for the Routing Engine except traffic from the specified trusted sources. The filter is applied as an input filter on the switch's lo0 interface, so it covers control-plane traffic arriving on any interface (including the management port) while leaving transit traffic alone. Because the filter is stateless, it also inspects replies to sessions the switch itself initiates, so reply traffic (DNS answers, for example) has to be matched explicitly, as the generated allow_dns term does. Enabling this feature on Juniper switches is recommended as a best practice.

Configure Protection of Routing Engine

When Protection of Routing Engine is enabled, Mist by default ensures that the following services (if configured) are allowed to communicate with the switch: BGP, BFD, NTP, DNS, SNMP, TACACS, RADIUS, and Mist cloud connectivity. Mist derives the permitted peers from the switch configuration, so BGP neighbors, NTP, RADIUS and TACACS servers, and SNMP clients are admitted by source prefix list without further input. DHCP is admitted as well, as the generated configuration below shows.

If you also want to allow ICMP or SSH to the switch, enable them under Trusted Services. Note that enabling ICMP or SSH opens that protocol to all source networks: the generated term matches only on protocol and destination port, with no source prefix list. Where the sources can be bounded, prefer Trusted Networks or Trusted IP/Port/Protocol instead.

If you want to reach the switch from commonly used IP networks, configure them under Trusted Networks. Use this option when an entire network needs access; hosts in a trusted network are accepted on every protocol and port.

If you have other custom services (a specific combination of IP address, port and protocol) that need to reach the switch, configure them under Trusted IP/Port/Protocol. This is the most restrictive option: it admits the given source only on the given protocol and port range.

You can configure Protection of Routing Engine at the organization level (Organization > Switch Templates), at the site level (Site > Switch Configuration), and at the switch level (Switches > Switch Name).

The following procedure lists the steps for configuring Protection of Routing Engine at the switch level:

  1. Click Switches > switch name to navigate to the switch details page.
  2. Scroll down to the PROTECTION OF ROUTING ENGINE tile in the Management section.
  3. Select the Override Site/Template Settings check box.
  4. Select the Enabled check box.

    When Protection of Routing Engine is enabled, Mist automatically parses the switch configuration and allows the end hosts it finds there (BGP neighbors, DNS/NTP/TACACS/RADIUS servers, SNMP clients, and so on) to communicate with the switch. Any other IP address or subnet that needs to reach the switch must be added under Trusted Networks, as described in the next step.

  5. To allow additional IP addresses or subnets to reach the switch, enter them, comma separated, in the Trusted Networks field. Hosts in these networks are accepted on every protocol and port.
  6. If you want the switch to answer SSH and ICMP from any source, select the ssh and icmp check boxes.
  7. If you want the switch to respond to custom services (which are a specific combination of IP, Port and Protocol), follow the below steps:
    1. Click Add IP/Protocol/Port.
      The Add Trusted IP/Protocol/Port window is displayed.
    2. In the Add Trusted IP/Protocol/Port window, specify the IP Address, a Protocol, and an applicable Port Range.
    3. Click Add.
  8. Save the configuration.
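To preview what the settings in the procedure above turn into before pushing them, here is an added example (not Mist's own code) that renders a Mist-style protect_re object into set commands in the layout this page shows: a trusted_hosts term, one term per Trusted Service, the otherwise discard, and the lo0 binding. The field names of custom entries (subnets, protocol, port_range), the allow_custom_N term names and the policy-options prefix-list definitions are assumptions, not taken from this page; the sample object is constructed from the API body shown further down plus one hypothetical custom entry.

```python
"""Render the Junos protect_re filter from a Mist-style protect_re object.

Added example (not Mist's own code).  Assumptions, not taken from the page:
the custom item field names (subnets, protocol, port_range), the
allow_custom_N term names, and the policy-options prefix-list definitions.
"""
import ipaddress

FILTER = "set groups top firewall family inet filter protect_re"

# Trusted Services: each opens the port to ALL sources, because the term has
# no source-prefix-list (see the allow_ssh / allow_icmp terms on this page).
SERVICES = {
    "ssh": ("tcp", "22"),
    "icmp": ("icmp", None),
}

# Constructed sample: the API body shown on this page plus one hypothetical
# custom entry so the IP/Protocol/Port path is exercised.
SAMPLE = {
    "enabled": True,
    "trusted_hosts": ["10.216.192.1", "100.100.100.2", "8.8.8.8"],
    "allowed_services": ["ssh", "icmp"],
    "custom": [{"subnets": ["10.1.0.0/24"], "protocol": "tcp", "port_range": "8443"}],
}


def prefix_list_name(cidr: str) -> str:
    """'10.216.192.1' -> '10-216-192-1_32', the naming used on this page."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"{str(net.network_address).replace('.', '-')}_{net.prefixlen}"


def prefix_list_def(cidr: str) -> str:
    """policy-options definition that the filter terms reference (assumed)."""
    net = ipaddress.ip_network(cidr, strict=False)
    return f"set groups top policy-options prefix-list {prefix_list_name(cidr)} {net.with_prefixlen}"


def term(name: str, lines: list) -> list:
    return [f"{FILTER} term {name} {line}" for line in lines]


def render_protect_re(cfg: dict) -> list:
    """Return the set commands for cfg, or [] when protection is disabled."""
    if not cfg.get("enabled"):
        return []
    out = []
    hosts = cfg.get("trusted_hosts", [])
    out += [prefix_list_def(h) for h in hosts]
    if hosts:
        # Any protocol, any port from these sources; several source-prefix-list
        # lines inside one term are ORed by Junos.
        out += term("trusted_hosts",
                    [f"from source-prefix-list {prefix_list_name(h)}" for h in hosts]
                    + ["then accept"])
    for svc in cfg.get("allowed_services", []):
        if svc not in SERVICES:
            raise ValueError(f"unknown trusted service {svc!r}")
        proto, port = SERVICES[svc]
        lines = [f"from destination-port [ {port} ]"] if port else []
        out += term(f"allow_{svc}", lines + [f"from protocol {proto}", "then accept"])
    for i, item in enumerate(cfg.get("custom", []), start=1):
        out += [prefix_list_def(s) for s in item["subnets"]]
        out += term(f"allow_custom_{i}",
                    [f"from source-prefix-list {prefix_list_name(s)}" for s in item["subnets"]]
                    + [f"from destination-port [ {item['port_range']} ]",
                       f"from protocol {item['protocol']}",
                       "then accept"])
    # Everything not matched above is dropped, and the filter is bound to lo0
    # so it covers control-plane traffic arriving on any interface.
    out += term("otherwise", ["then discard"])
    out.append("set groups top interfaces lo0 unit 0 family inet filter input protect_re")
    return out


if __name__ == "__main__":
    print("\n".join(render_protect_re(SAMPLE)))
```

Reading the output for the sample makes the difference between the three options visible: the trusted_hosts term has only source conditions, the allow_ssh and allow_icmp terms have only protocol and port conditions, and the custom term is the only one that constrains both.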

Configuration Commands (CLI)

Mist generates the following configuration for the settings above, shown here with Trusted Networks 10.216.192.1, 100.100.100.2 and 8.8.8.8 and no Trusted Services. Terms are evaluated top to bottom and the first match decides; anything that reaches the otherwise term is discarded. Note that allow_dns and allow_mist_obssh match on source port only, with no source prefix list, so any packet carrying source port 53 or 2200 reaches the Routing Engine regardless of where it comes from. That is how a stateless filter admits reply traffic, and it is a limitation to keep in mind when reviewing the filter.

set groups top firewall family inet filter protect_re term allow_mist_obssh from source-port [ 2200 ]
set groups top firewall family inet filter protect_re term allow_mist_obssh then accept
set groups top firewall family inet filter protect_re term allow_dhcp from source-port [ 67 68 ]
set groups top firewall family inet filter protect_re term allow_dhcp from destination-port [ 67 68 ]
set groups top firewall family inet filter protect_re term allow_dhcp from protocol udp
set groups top firewall family inet filter protect_re term allow_dhcp then accept
set groups top firewall family inet filter protect_re term allow_bgp from source-prefix-list bgp_neighbors
set groups top firewall family inet filter protect_re term allow_bgp from source-prefix-list bgp_vrf_neighbors
set groups top firewall family inet filter protect_re term allow_bgp from destination-port [ 179 ]
set groups top firewall family inet filter protect_re term allow_bgp from protocol tcp
set groups top firewall family inet filter protect_re term allow_bgp then accept
set groups top firewall family inet filter protect_re term allow_bfd from source-prefix-list bgp_neighbors
set groups top firewall family inet filter protect_re term allow_bfd from source-prefix-list bgp_vrf_neighbors
set groups top firewall family inet filter protect_re term allow_bfd from destination-port [ 3784 4784 ]
set groups top firewall family inet filter protect_re term allow_bfd from protocol udp
set groups top firewall family inet filter protect_re term allow_bfd then accept
set groups top firewall family inet filter protect_re term allow_ntp from source-prefix-list ntp_servers
set groups top firewall family inet filter protect_re term allow_ntp from destination-port [ 123 ]
set groups top firewall family inet filter protect_re term allow_ntp from protocol udp
set groups top firewall family inet filter protect_re term allow_ntp then accept
set groups top firewall family inet filter protect_re term allow_dns from source-port [ 53 ]
set groups top firewall family inet filter protect_re term allow_dns from protocol [ tcp udp ]
set groups top firewall family inet filter protect_re term allow_dns then accept
set groups top firewall family inet filter protect_re term allow_radius from source-prefix-list radius_servers
set groups top firewall family inet filter protect_re term allow_radius from destination-port [ 1812 1813 ]
set groups top firewall family inet filter protect_re term allow_radius from protocol udp
set groups top firewall family inet filter protect_re term allow_radius then accept
set groups top firewall family inet filter protect_re term allow_tacacs from source-prefix-list tacacs_servers
set groups top firewall family inet filter protect_re term allow_tacacs from destination-port [ 49 ]
set groups top firewall family inet filter protect_re term allow_tacacs from protocol tcp
set groups top firewall family inet filter protect_re term allow_tacacs then accept
set groups top firewall family inet filter protect_re term allow_snmp_clients from source-prefix-list snmp_clients
set groups top firewall family inet filter protect_re term allow_snmp_clients from destination-port [ 161 10161 ]
set groups top firewall family inet filter protect_re term allow_snmp_clients from protocol udp
set groups top firewall family inet filter protect_re term allow_snmp_clients then accept
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 10-216-192-1_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 100-100-100-2_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 8-8-8-8_32
set groups top firewall family inet filter protect_re term trusted_hosts then accept
set groups top firewall family inet filter protect_re term otherwise then discard
set groups top interfaces lo0 unit 0 family inet filter input protect_re

Verify Protection of Routing Engine Configuration

Protection of Routing Engine (Trusted Networks Configuration)

Configuration commands (CLI)

set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 10-216-192-1_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 100-100-100-2_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 8-8-8-8_32
set groups top firewall family inet filter protect_re term trusted_hosts then accept
set groups top firewall family inet filter protect_re term otherwise then log
set groups top firewall family inet filter protect_re term otherwise then syslog
set groups top firewall family inet filter protect_re term otherwise then discard

APIs

"switch_mgmt": {
    "protect_re": {
        "enabled": true,
        "trusted_hosts": [
            "10.216.192.1",
            "100.100.100.2",
            "8.8.8.8"
        ],
        "allowed_services": [],
        "custom": []
    }
}

First confirm that the services Mist derived from the configuration still work. Use the show bgp summary command to verify that the BGP sessions are still Established; their peers are admitted by the allow_bgp and allow_bfd terms through the bgp_neighbors prefix lists:

{master:0}
mist@Border-switch-R2-U21> show bgp summary
Warning: License key missing; One or more members of the VC require 'bgp' license
Threading mode: BGP I/O
Default eBGP mode: advertise - accept, receive - accept
Groups: 2 Peers: 4 Down peers: 0
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
10          6          0          0          0          0
bgp.evpn.0
68         34          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
10.255.240.3          65002        101        103       0       1       42:08 Establ
inet.0: 3/5/5/0
10.255.240.5          65003         35         33       0       3       11:51 Establ
inet.0: 3/5/5/0
100.100.100.2         65002        206        209       0       0     1:06:18 Establ
bgp.evpn.0: 25/34/34/0
default-switch.evpn.0: 22/30/30/0
default_evpn.evpn.0: 0/0/0/0
100.100.100.3         65003         57         55       0       3       11:48 Establ
bgp.evpn.0: 9/34/34/0
default-switch.evpn.0: 8/30/30/0
default_evpn.evpn.0: 0/0/0/0

To test the Trusted Networks configuration, ping 100.100.100.2, one of the trusted hosts, from the switch. All transmitted packets are answered: the echo replies come from a trusted source and are accepted by the trusted_hosts term. SSH to the same host also succeeds.

mist@Border-switch-R2-U21> ping 100.100.100.2
PING 100.100.100.2 (100.100.100.2): 56 data bytes
64 bytes from 100.100.100.2: icmp_seq=0 ttl=64 time=2.695 ms
64 bytes from 100.100.100.2: icmp_seq=1 ttl=64 time=8.756 ms
64 bytes from 100.100.100.2: icmp_seq=2 ttl=64 time=13.312 ms
64 bytes from 100.100.100.2: icmp_seq=3 ttl=64 time=9.025 ms

--- 100.100.100.2 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 2.695/8.447/13.312/3.781 ms

{master:0}
mist@Border-switch-R2-U21> ssh root@100.100.100.3

{master:0}
mist@Border-switch-R2-U21> ssh root@100.100.100.2
Password:
Last login: Fri Feb  3 04:57:20 2023 from 10.255.240.2
--- JUNOS 21.3R1.9 Kernel 64-bit  JNPR-12.1-20210828.6e5b1bf_buil
root@CORE-1:RE:0%

Next, ping or SSH to hosts that are not in Trusted Networks (100.100.100.3 and 100.100.100.4 here). The pings show 100 percent packet loss and the SSH sessions get no response. 100.100.100.3 is a BGP neighbor whose session is Established in the show bgp summary output above: its TCP port 179 traffic is accepted by the allow_bgp term, but its echo replies and SSH responses match no accept term and are discarded by the otherwise term. The filter is stateless, so it applies equally to replies to sessions the switch itself initiated.

mist@Border-switch-R2-U21> ssh root@100.100.100.3

{master:0}
mist@Border-switch-R2-U21> ssh root@100.100.100.4

{master:0}
mist@Border-switch-R2-U21> ping 100.100.100.3
PING 100.100.100.3 (100.100.100.3): 56 data bytes

--- 100.100.100.3 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss

{master:0}
mist@Border-switch-R2-U21> ping 100.100.100.4
PING 100.100.100.4 (100.100.100.4): 56 data bytes

--- 100.100.100.4 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Protection of Routing Engine (Trusted Services Configuration)

Configuration commands (CLI)

set groups top interfaces lo0 unit 0 family inet filter input protect_re
set groups top firewall family inet filter protect_re term allow_mist_obssh from source-port [ 2200 ]
set groups top firewall family inet filter protect_re term allow_mist_obssh then accept
set groups top firewall family inet filter protect_re term allow_dhcp from source-port [ 67 68 ]
set groups top firewall family inet filter protect_re term allow_dhcp from destination-port [ 67 68 ]
set groups top firewall family inet filter protect_re term allow_dhcp from protocol udp
set groups top firewall family inet filter protect_re term allow_dhcp then accept
set groups top firewall family inet filter protect_re term allow_bgp from source-prefix-list bgp_neighbors
set groups top firewall family inet filter protect_re term allow_bgp from source-prefix-list bgp_vrf_neighbors
set groups top firewall family inet filter protect_re term allow_bgp from destination-port [ 179 ]
set groups top firewall family inet filter protect_re term allow_bgp from protocol tcp
set groups top firewall family inet filter protect_re term allow_bgp then accept
set groups top firewall family inet filter protect_re term allow_bfd from source-prefix-list bgp_neighbors
set groups top firewall family inet filter protect_re term allow_bfd from source-prefix-list bgp_vrf_neighbors
set groups top firewall family inet filter protect_re term allow_bfd from destination-port [ 3784 4784 ]
set groups top firewall family inet filter protect_re term allow_bfd from protocol udp
set groups top firewall family inet filter protect_re term allow_bfd then accept
set groups top firewall family inet filter protect_re term allow_ntp from source-prefix-list ntp_servers
set groups top firewall family inet filter protect_re term allow_ntp from destination-port [ 123 ]
set groups top firewall family inet filter protect_re term allow_ntp from protocol udp
set groups top firewall family inet filter protect_re term allow_ntp then accept
set groups top firewall family inet filter protect_re term allow_dns from source-port [ 53 ]
set groups top firewall family inet filter protect_re term allow_dns from protocol [ tcp udp ]
set groups top firewall family inet filter protect_re term allow_dns then accept
set groups top firewall family inet filter protect_re term allow_radius from source-prefix-list radius_servers
set groups top firewall family inet filter protect_re term allow_radius from destination-port [ 1812 1813 ]
set groups top firewall family inet filter protect_re term allow_radius from protocol udp
set groups top firewall family inet filter protect_re term allow_radius then accept
set groups top firewall family inet filter protect_re term allow_tacacs from source-prefix-list tacacs_servers
set groups top firewall family inet filter protect_re term allow_tacacs from destination-port [ 49 ]
set groups top firewall family inet filter protect_re term allow_tacacs from protocol tcp
set groups top firewall family inet filter protect_re term allow_tacacs then accept
set groups top firewall family inet filter protect_re term allow_snmp_clients from source-prefix-list snmp_clients
set groups top firewall family inet filter protect_re term allow_snmp_clients from destination-port [ 161 10161 ]
set groups top firewall family inet filter protect_re term allow_snmp_clients from protocol udp
set groups top firewall family inet filter protect_re term allow_snmp_clients then accept
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 10-216-192-1_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 100-100-100-2_32
set groups top firewall family inet filter protect_re term trusted_hosts from source-prefix-list 8-8-8-8_32
set groups top firewall family inet filter protect_re term trusted_hosts then accept
set groups top firewall family inet filter protect_re term allow_ssh from destination-port [ 22 ]
set groups top firewall family inet filter protect_re term allow_ssh from protocol tcp
set groups top firewall family inet filter protect_re term allow_ssh then accept
set groups top firewall family inet filter protect_re term allow_icmp from protocol icmp
set groups top firewall family inet filter protect_re term allow_icmp then accept
set groups top firewall family inet filter protect_re term otherwise then discard

APIs

"switch_mgmt": {
    "protect_re": {
        "enabled": true,
        "trusted_hosts": [
            "10.216.192.1",
            "100.100.100.2",
            "8.8.8.8"
        ],
        "allowed_services": [
            "ssh",
            "icmp"
        ],
        "custom": []
    }
}

To test the Trusted Services configuration, log in to a device that is not in Trusted Networks (Distribution-2-R2-U07 here) and ping and SSH to the border switch at 100.100.100.1. Both succeed because the allow_icmp and allow_ssh terms accept these protocols from any source; anything else from this device is still discarded.

mist@Distribution-2-R2-U07-> ping 100.100.100.1
PING 100.100.100.1 (100.100.100.1): 56 data bytes
64 bytes from 100.100.100.1: icmp_seq=0 ttl=63 time=36.941 ms
64 bytes from 100.100.100.1: icmp_seq=1 ttl=63 time=45.158 ms

--- 100.100.100.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 36.941/41.050/45.158/4.108 ms

{master:0}
mist@Distribution-2-R2-U07-> ssh root@100.100.100.1
Password:
Last login: Fri Feb  3 07:23:35 2023 from 10.216.201.35
--- JUNOS 22.2R1.12 Kernel 64-bit  JNPR-12.1-20220623.dbb31e0_buil
root@Border-switch-R2-U21:RE:0%
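The two tests above, the Trusted Networks test (ping and SSH from the border switch to 100.100.100.2 and 100.100.100.3) and the Trusted Services test (ping and SSH into the border switch from an untrusted host), can be replayed against a model of the filter. This added example is not Junos code: it implements the Junos first-match semantics (terms evaluated in order, the conditions inside a term ANDed, the values inside one condition ORed, an implicit discard at the end) over a term list that mirrors the generated filter. The BGP neighbor list, the ephemeral ports, the NETCONF probe on port 830 and the 203.0.113.9 source are constructed. It also shows the cost of the source-port-only allow_dns term: a packet from any address with source port 53 is accepted.

```python
"""Replay this page's tests against a model of the protect_re filter.

Added example, not Junos code.  The term list mirrors the generated filter
(allow_bgp, allow_bfd, allow_dns, trusted_hosts, optional allow_ssh and
allow_icmp, otherwise).  Constructed, not from the page: the bgp_neighbors
prefix list, the ephemeral ports, the NETCONF probe and the 203.0.113.9 host.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str                 # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    sport: Optional[int] = None


@dataclass(frozen=True)
class Term:
    name: str
    action: str                          # "accept" or "discard"
    src_prefixes: Tuple[str, ...] = ()   # empty = any source (no source-prefix-list)
    protos: Tuple[str, ...] = ()
    dports: Tuple[int, ...] = ()
    sports: Tuple[int, ...] = ()

    def matches(self, p: Packet) -> bool:
        """All configured conditions must hold; values within one are ORed."""
        if self.src_prefixes and not any(
                ipaddress.ip_address(p.src) in ipaddress.ip_network(n)
                for n in self.src_prefixes):
            return False
        if self.protos and p.proto not in self.protos:
            return False
        if self.dports and p.dport not in self.dports:
            return False
        if self.sports and p.sport not in self.sports:
            return False
        return True


def evaluate(terms, p: Packet) -> Tuple[str, str]:
    """Return (term name, action) of the first matching term."""
    for t in terms:
        if t.matches(p):
            return t.name, t.action
    return "<implicit>", "discard"   # Junos drops what no term accepts


def build_filter(trusted_hosts, allowed_services):
    bgp = ("100.100.100.2/32", "100.100.100.3/32")   # constructed bgp_neighbors
    terms = [
        Term("allow_bgp", "accept", bgp, ("tcp",), (179,)),
        Term("allow_bfd", "accept", bgp, ("udp",), (3784, 4784)),
        # As on the page: matches source port 53 only, from anywhere.
        Term("allow_dns", "accept", (), ("tcp", "udp"), (), (53,)),
        Term("trusted_hosts", "accept", tuple(f"{h}/32" for h in trusted_hosts)),
    ]
    if "ssh" in allowed_services:
        terms.append(Term("allow_ssh", "accept", (), ("tcp",), (22,)))
    if "icmp" in allowed_services:
        terms.append(Term("allow_icmp", "accept", (), ("icmp",)))
    terms.append(Term("otherwise", "discard"))
    return terms


TRUSTED = ["10.216.192.1", "100.100.100.2", "8.8.8.8"]
NETWORKS_ONLY = build_filter(TRUSTED, [])
WITH_SERVICES = build_filter(TRUSTED, ["ssh", "icmp"])

# Packets as they arrive at lo0 on the border switch.
ECHO_REPLY_TRUSTED = Packet("100.100.100.2", "icmp")                         # ping 100.100.100.2
ECHO_REPLY_NEIGHBOR = Packet("100.100.100.3", "icmp")                        # ping 100.100.100.3
BGP_FROM_NEIGHBOR = Packet("100.100.100.3", "tcp", dport=179)
SSH_REPLY_NEIGHBOR = Packet("100.100.100.3", "tcp", dport=51000, sport=22)   # ssh root@100.100.100.3
SSH_FROM_ANYWHERE = Packet("10.216.201.35", "tcp", dport=22, sport=51001)    # untrusted host
NETCONF_FROM_ANYWHERE = Packet("10.216.201.35", "tcp", dport=830, sport=51002)
SPOOFED_DNS = Packet("203.0.113.9", "udp", dport=40000, sport=53)

if __name__ == "__main__":
    for label, terms, pkt in [
            ("trusted echo reply", NETWORKS_ONLY, ECHO_REPLY_TRUSTED),
            ("neighbor echo reply", NETWORKS_ONLY, ECHO_REPLY_NEIGHBOR),
            ("neighbor BGP", NETWORKS_ONLY, BGP_FROM_NEIGHBOR),
            ("neighbor SSH reply", NETWORKS_ONLY, SSH_REPLY_NEIGHBOR),
            ("SSH in, services on", WITH_SERVICES, SSH_FROM_ANYWHERE),
            ("NETCONF in, services on", WITH_SERVICES, NETCONF_FROM_ANYWHERE),
            ("source port 53 from anywhere", NETWORKS_ONLY, SPOOFED_DNS)]:
        print(f"{label:30} -> {evaluate(terms, pkt)}")
```

The ECHO_REPLY_NEIGHBOR and SSH_REPLY_NEIGHBOR cases are the empty ssh root@100.100.100.3 and the 100 percent loss in the Trusted Networks test: the switch initiated those sessions, but the replies arrive at lo0 and a stateless filter has no notion of a session, so they fall through to the otherwise term while BGP from the same neighbor keeps working. The NETCONF case shows that Trusted Services open exactly the listed protocols and nothing more.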

To see what the filter is discarding, add the log and syslog actions to the otherwise term (it keeps its discard action), commit, and then run show firewall log. The log action writes matching packets to a small in-memory buffer on the Routing Engine that show firewall log reads; syslog forwards them to the configured syslog destinations, which is the one to use for ongoing monitoring. In the output, Action D means discard and Interface is the ingress interface (vme.0 is the management port here); rows whose Filter column is not protect_re (the pfe rows on vtep.32769) come from a different filter and are not relevant to this feature.

set groups top firewall family inet filter protect_re term otherwise then log
set groups top firewall family inet filter protect_re term otherwise then syslog

mist@Distribution-1-R2-U06-> show firewall log
Log :
Time      Filter    Action Interface           Protocol        Src Addr                         Dest Addr
13:20:01  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:56  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:51  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:45  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:40  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:35  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:19:30  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:26  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:19  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:18  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
13:18:14  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:12  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
13:18:09  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:04  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:01  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
14:17:31  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:30  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:28  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:28  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:26  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:23  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:18  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:16  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:15  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:12  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:10  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:09  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:07  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:06  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:05  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:03  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:17:02  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:17:01  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:57  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:52  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:51  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:50  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:46  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:45  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:44  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:41  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:41  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:40  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:38  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:36  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:36  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:31  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:26  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
14:16:26  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:25  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:20  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
14:16:19  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:16:16  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
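A long show firewall log listing like the one above is easier to act on once it is reduced to sources and counts. The following added example (not a Junos tool) parses that output format, counts protect_re discards per flow, and sorts the sources into broadcast noise, hosts you expected to be trusted (a drop from one of those means the filter on this switch does not contain it, for instance because of a site or switch-level override), and the remainder, which is the candidate list for Trusted Networks. The sample log lines and the trusted-host list passed to triage() are constructed in the column layout shown on this page.

```python
"""Summarise `show firewall log` output to see what protect_re is dropping.

Added example, not a Junos tool.  SAMPLE_LOG is constructed in the column
layout shown on this page; Action D means discard, and rows from filters
other than protect_re are ignored.
"""
from collections import Counter

SAMPLE_LOG = """\
Log :
Time      Filter    Action Interface           Protocol        Src Addr                         Dest Addr
13:20:01  protect_re D     vme.0               UDP             10.216.199.80                    255.255.255.255
13:18:18  protect_re D     vme.0               UDP             66.129.233.81                    10.216.202.6
13:18:00  pfe       D      vtep.32769          UDP             0.0.0.0                          255.255.255.255
14:17:30  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
14:17:26  protect_re D     vme.0               UDP             8.8.8.8                          10.216.202.6
"""

FIELDS = ("time", "filter", "action", "interface", "proto", "src", "dst")


def parse_firewall_log(text: str) -> list:
    """Turn the whitespace-separated output into dicts; 'Log :' and the
    header line do not have exactly seven fields and are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or parts[0] == "Time":
            continue
        rows.append(dict(zip(FIELDS, parts)))
    return rows


def discards_by_flow(rows, filter_name="protect_re") -> Counter:
    """Count discarded packets per (src, dst, proto) for one filter."""
    return Counter((r["src"], r["dst"], r["proto"])
                   for r in rows
                   if r["filter"] == filter_name and r["action"] == "D")


def triage(rows, trusted_hosts, filter_name="protect_re") -> dict:
    """Bucket discarded sources: broadcast noise the filter is meant to drop,
    hosts believed trusted (their drops mean this switch's filter lacks them),
    and everything else, which is what to review against Trusted Networks."""
    out = {"broadcast": set(), "trusted_but_dropped": set(), "other": set()}
    for (src, dst, _proto), _count in discards_by_flow(rows, filter_name).items():
        if dst == "255.255.255.255":
            out["broadcast"].add(src)
        elif src in trusted_hosts:
            out["trusted_but_dropped"].add(src)
        else:
            out["other"].add(src)
    return out


if __name__ == "__main__":
    rows = parse_firewall_log(SAMPLE_LOG)
    for flow, n in discards_by_flow(rows).most_common():
        print(n, *flow)
    print(triage(rows, ["8.8.8.8"]))
```

Feed it the output of show firewall log (or the syslog entries, which carry the same fields) and compare the "other" bucket against the servers the switch is supposed to talk to; anything legitimate there belongs in Trusted Networks or, better, in a Trusted IP/Port/Protocol entry.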

Read also: Example: Configuring a Stateless Firewall Filter to Accept Traffic from Trusted Sources and Example: Configuring a Stateless Firewall Filter to Protect Against TCP and ICMP Floods.
