Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guidelines for Configuring and Applying Firewall Filters in Logical Systems

 

Statement Hierarchy for Configuring Firewall Filters in Logical Systems

To configure a firewall filter in a logical system, include the filter, service-filter, or simple-filter statement at the [edit logical-systems logical-system-name firewall family family-name] hierarchy level.

Filter Types in Logical Systems

There are no special restrictions on the types of stateless firewall filter types that you can configure in logical systems.

In a logical system, you can use the same types of stateless firewall filters that are available on a physical router or switch:

  • Standard stateless firewall filters

  • Service filters

  • Simple filters

Firewall Filter Protocol Families in Logical Systems

There are no special restrictions on the protocol families supported with stateless firewall filters in logical systems.

In a logical system, you can filter the same protocol families as you can on a physical router or switch.

  • Standard stateless firewall filters—In logical systems, you can filter the following traffic types: protocol-independent, IPv4, IPv6, MPLS, MPLS-tagged IPv4 or IPv6, VPLS, Layer 2 circuit cross-connection, and Layer 2 bridging.

  • Service filters—In logical systems, you can filter IPv4 and IPv6 traffic.

  • Simple filters—In logical systems, you can filter IPv4 traffic only.

Firewall Filter Match Conditions in Logical Systems

There are no special restrictions on the match conditions supported with stateless firewall filters in logical systems.

Firewall Filter Actions in Logical Systems

There are no special restrictions on the actions supported with stateless firewall filters in logical systems.

Statement Hierarchy for Applying Firewall Filters in Logical Systems

To apply a firewall filter in a logical system, include the filter filter-name, service-filter service-filter-name, or simple-filter simple-filter-name statement to a logical interface in the logical system.

The following configuration shows the hierarchy levels at which you can apply the statements: