If a firewall object references a subordinate object (for example, a policer or prefix list), that subordinate object must be defined within the firewall object. For example, if a firewall filter configuration references a policer, that policer must be configured under the same firewall object as the filter. This rule applies even if the same policer is configured under the main firewall configuration or if the same policer is configured as part of a firewall in another logical system.
In this example, the filter1 filter references the pol1 policer. Both filter1 and pol1 are defined under the same firewall object (the firewall of logical system ls1), so the configuration is valid. If pol1 were defined under another firewall object (the main firewall or another logical system's firewall), the configuration would not be valid.
```
[edit]
logical-systems {
    ls1 {
        firewall {
            policer pol1 {
                if-exceeding {
                    bandwidth-limit 401k;
                    burst-size-limit 50k;
                }
                then discard;
            }
            filter filter1 {
                term one {
                    from {
                        source-address 12.1.0.0/16;
                    }
                    then {
                        reject host-unknown;
                    }
                }
                term two {
                    from {
                        source-address 12.2.0.0/16;
                    }
                    then policer pol1;
                }
            }
        }
    }
}
```