Add Firewall Filters and Terms

 

Use the Add Firewall Filter page to add a new ingress or egress firewall filter.

To add a firewall filter:

  1. Select Configuration > SD-LAN > Firewall Filters.

    The EX Firewall Filters page appears.

  2. Click the add icon (+) to add a new firewall filter.

    The Add Firewall Filter page appears.

  3. Complete the configuration according to the guidelines provided in Table 1.

    Note: Fields marked with * are mandatory.

  4. Click OK.

    The firewall filter is added to CSO. You are returned to the EX Firewall Filters page where a confirmation message is displayed.

  5. Select the firewall filter added in step 4 and click the add icon (+).

    The option to add a firewall term appears inline on the Firewall-Filter-Term-Name page.

  6. Complete the configuration according to the guidelines provided in Table 2.
  7. Click Save to save the changes.

    A new firewall term with the provided configuration is added and a confirmation message is displayed.

Table 1: Fields on the Add Firewall Filter Page

| Field | Description |
|---|---|
| Name | Enter a unique name for the firewall filter. The name can contain only alphanumeric characters and hyphen (-); the maximum length allowed is 15 characters. |
| Description | Enter a description for the firewall filter. |

Table 2: Fields on the <Firewall-Filter-Term-Name> Page

| Field | Description |
|---|---|
| Name | Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. No spaces are allowed and the maximum length is 255 characters. If you do not enter a name, the term is saved with a default name assigned by CSO. |
| Description | Enter a description for the firewall filter term; maximum length is 1024 characters. |
| Counter | Click the toggle button to enable or disable (default) the counter. The counter counts the number of packets that pass this filter term. Note: If you have enabled the counter for the firewall filter, you cannot add the firewall filter as an egress filter. |
| Logging | Click the toggle button to enable or disable (default) logging. When logging is enabled, CSO logs the packet's header information in the Routing Engine. Note: If you have enabled logging for the firewall filter, you cannot add the firewall filter as an egress filter. |
| Source | Click the add icon (+) to select, from the displayed list of IP addresses, MAC addresses, protocols, or ports, the source endpoints to add to the firewall filter term. You can also select a source endpoint using the methods described in Selecting Firewall Source. |
| Destination | Click the add icon (+) to select, from the displayed list of IP addresses, MAC addresses, protocols, or ports, the destination endpoints to add to the firewall filter term. You can also select a destination endpoint using the methods described in Selecting Firewall Destination. |
| Select Action | Click the add icon (+) to choose whether you want to permit or deny the traffic between the source and destination endpoints. Allow: Device permits the traffic. Deny: Device silently drops all packets for the session. |

Endpoints

To add an endpoint to the source or destination:

  1. Click the Select Source or Select Destination text box and then click the less-than icon (<) on the right side of the page to open the End Points panel.

    The End Points panel displays the endpoints from addresses, MAC, protocols, and ports relevant to the source or destination based on your selection.

    Note: You can also search for a specific endpoint using the search option.

  2. Select the endpoint you want to add and click the check mark icon to add it to the source or destination.

    The selected endpoint is added to the source or destination.

To add new source and destination endpoints:

  1. Click the less-than icon (<) on the right side of the page to open the End Points panel.

  2. Click the add icon (+) on the top right of the End Points panel.

    A list of endpoints that you can add is displayed.

  3. Select the endpoint you want to add.

    You can add the following endpoints:

    • Address or address group.

    • MAC address.

    • Protocol.

    • Port.

  4. Click Save to add the new endpoint.

    The endpoint that you added is listed in the End Points panel.

  5. Select the endpoint that you want to add to the source or destination, and click the check mark icon.

    The endpoint is added to the source or destination as specified.

WHAT'S NEXT

After you configure the firewall filter, assign the firewall filter as an ingress filter or egress filter in a port profile. See Add Port Profiles.
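
The following is an added example, not part of the original page or of CSO: a pre-flight check that applies the limits from Table 1 and Table 2, and the counter and logging restriction on egress filters, to a planned filter before it is entered in the UI. The dict layout, the `direction` key, ASCII-only names, a required action, and term-name uniqueness scoped to one filter are assumptions made for illustration.

```python
import re

# Limits from Table 1 and Table 2 on this page; ASCII-only is an assumption.
FILTER_NAME_RE = re.compile(r"[A-Za-z0-9-]{1,15}")
TERM_NAME_RE = re.compile(r"[A-Za-z0-9:._-]{1,255}")
TERM_DESC_MAX = 1024
ACTIONS = {"Allow", "Deny"}


def validate_filter(flt):
    """Return a list of problems in one planned filter (hypothetical dict format)."""
    problems = []
    name = flt.get("name", "")
    if not FILTER_NAME_RE.fullmatch(name):
        problems.append(f"filter {name!r}: name must be 1-15 letters, digits or hyphens")
    seen = set()
    for i, term in enumerate(flt.get("terms", []), start=1):
        tname = term.get("name")  # optional: CSO assigns a default name if omitted
        label = repr(tname) if tname else f"#{i}"
        if tname:
            if not TERM_NAME_RE.fullmatch(tname):
                problems.append(f"term {label}: invalid characters or longer than 255")
            if tname in seen:  # uniqueness scoped to the filter is an assumption
                problems.append(f"term {label}: duplicate name")
            seen.add(tname)
        if len(term.get("description", "")) > TERM_DESC_MAX:
            problems.append(f"term {label}: description longer than {TERM_DESC_MAX}")
        if term.get("action") not in ACTIONS:  # requiring an action is an assumption
            problems.append(f"term {label}: action must be Allow or Deny")
        # Counter or logging on any term rules the filter out as an egress filter.
        if flt.get("direction") == "egress":
            for opt in ("counter", "logging"):
                if term.get(opt, False):
                    problems.append(f"term {label}: {opt} enabled, not usable as egress")
    return problems


# Constructed sample plans, not taken from any real deployment.
GOOD = {"name": "guest-in", "direction": "ingress", "terms": [
    {"name": "block-mgmt", "action": "Deny", "counter": True, "logging": True},
    {"action": "Allow"}]}
BAD = {"name": "guest_wifi_egress_filter", "direction": "egress", "terms": [
    {"name": "block mgmt", "action": "Deny", "counter": True},
    {"name": "t1", "action": "drop"}]}

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(plan["name"], validate_filter(plan) or "OK")
```

Running the check on every filter intended for egress use catches the counter or logging conflict before the filter is assigned in a port profile.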