Add Terms to Firewall Filters
Use the Firewall-Filter-Name page to add a firewall term that controls the ingress and egress traffic. The traffic is classified by matching its source and destination IP addresses (for Layer 3), MAC addresses (for Layer 2), ports, or protocols.
To configure a firewall term:
- Select Configuration > SD-LAN > Firewall Filters.
The EX Firewall Filters page appears.
- Click the firewall filter to which you want to add the
The Firewall-Filter-Term-Name page appears.
- Click the add icon (+).
The option to create firewall term appears inline on the Firewall-Filter-Term-Name page.
- Complete the configuration according to the guidelines provided in Table 1.
- Click Save to save the changes. If you want to discard your changes, click Cancel instead.
If you click Save, a new firewall term with the provided configuration is added and a confirmation message is displayed.
If a firewall filter contains multiple terms, then, by default, the new term is always added at the top of the list of terms in the Firewall-Filter-Term-Name page. The term that is at the top of the list has higher priority than the others in the list. You can re-order the term by dragging and dropping the term at a different level in the list.
Table 1: Fields on the <Firewall-Filter-Term-Name> Page
Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. If you do not enter a name, the term is saved with a default name assigned by CSO.
Enter a description for the firewall filter term; maximum length is 1024 characters.
Click the toggle button to enable (default) or disable the counter. The counter counts the number of packets that pass this filter term.
Note: If you have enabled counter for the firewall filter, you cannot add the firewall filter as an egress filter.
Click the toggle button to enable (default) or disable logging. By enabling logging, CSO logs the packet's header information in the Routing Engine.
Note: If you have enabled logging for the firewall filter, you cannot add the firewall filter as an egress filter.
Click the add icon (+) to select the source endpoints from the displayed list of IP addresses, MAC addresses, protocols, or ports to the firewall filter term. You can also select a source end point using the methods described in Selecting Firewall Source.
Click the add icon (+) to select the destination endpoints from the displayed list of IP addresses, MAC addresses, protocols, or ports to the firewall filter term. You can also select a destination end point using the methods described in Selecting Firewall Destination.
Click the add icon (+) to choose whether you want to permit or deny the traffic between the source and destination endpoints.
To add an endpoint to the source or destination:
To add new source and destination end points:
After adding terms to the firewall filter, assign the firewall filter as an ingress filter or egress filter in port profiles. See Add Port Profiles.