[Contents] [Prev] [Next] [Index] [Report an Error]

Create a Firewall Filter to Split the Port-Mirrored Traffic into Different Instances

If you need to split the copy of the monitored traffic into separate groups and send these filtered packets to different analyzers, devise a firewall filter that selects some traffic for sampling and some traffic for discarding. In this case, UDP traffic is sent into one routing instance, TCP traffic is diverted into a second routing instance, and all other traffic is discarded. In a later step, you will define the filter-based forwarding routing instances specified in the then statements shown in this filter.

[edit]

firewall {

    family inet {

        filter tunnel-interface-filter {

            term tcp {

                from {

                    protocol tcp;

                then {

                    count tcp;

                    routing-instance tcp-routing-table;

            term udp {

                from {

                    protocol udp;

                then {

                    count udp;

                    routing-instance udp-routing-table;

            term rest {

                then {

                    count rest;

                    discard;

[Contents] [Prev] [Next] [Index] [Report an Error]