Juniper JUNOS OS 10.3 - SOFTWARE, Manual

Page: 3151 / 3946

user@switch#
set family inet filter egress-router-corp-class term corp-expedite then
forwarding-class expedited-forwarding
user@switch# set family inet filter egress-router-corp-class term corp-expedite then
loss-priority low
3.
Define the term not-to-corp :
[edit firewall]
user@switch#
set family inet filter egress-router-corp-class term not-to-corp then
accept
4.
Apply the firewall filter egress-router-corp-class as an output filter for the port on
the switch's uplink module, which provides a Layer 3 connection to a router:
[edit interfaces]
user@switch#
set ge-0/1/0 description "filter at egress router to expedite employee
traffic destined for corporate network"
user@switch#
set ge-0/1/0 unit 0 family inet address 103.104.105.1
user@switch# set ge-0/1/0 unit 0 family inet filter output egress-router-corp-class
Results Display the results of the configuration:
user@switch# show
firewall {
family inet {
filter egress-router-corp-class {
term corp-expedite {
from {
destination-address 192.0.2.16/28;
}
then {
forwarding-class expedited-forwarding;
loss-priority low;
}
}
term not-to-corp {
then {
accept;
}
}
}
}
}
interfaces {
ge-0/1/0 {
unit 0 {
description "filter at egress router interface to expedite employee traffic destined
for corporate network";
family inet {
source-address 103.104.105.1
filter {
output egress-router-corp-class;
}
}
}
}
}
3055 Copyright © 2010, Juniper Networks, Inc.
Chapter 101: Examples of Firewall Filters Configuration