Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Related Documentation
Understanding Firewall Filter Processing Points for Bridged and Routed Packets
You apply firewall filters at multiple processing points in the forwarding path. At each processing point, the action to be taken on a packet is determined by the configuration of the filter and the results of the lookup in the forwarding or routing table.
For both bridged (Layer 2) unicast packets and routed (Layer 3) unicast packets, firewall filters are applied in the prescribed order shown below (assuming that each filter is present and a packet is accepted by each one).
Bridged packets:
- Ingress port filter
- Ingress VLAN filter
- Egress VLAN filter
- Egress port filter
Routed packets:
- Ingress port firewall filter
- Ingress VLAN firewall filter (Layer 2 CoS)
- Ingress router firewall filter (Layer 3 CoS)
- Egress router firewall filter
- Egress VLAN firewall filter
- Egress port filter
 | Note: MAC learning occurs before filters are applied, so QFX Series products learn the MAC addresses of packets that are dropped by ingress filters. |
