If you need to split the copy of the monitored traffic into separate groups and send these filtered packets to different analyzers, devise a firewall filter that selects some traffic for sampling and some traffic for discarding. In this case, UDP traffic is sent into one routing instance, TCP traffic is diverted into a second routing instance, and all other traffic is discarded. In a later step, you will define the filter-based forwarding routing instances specified in the then statements shown in this filter.

    [edit]
    firewall {
        family inet {
            filter tunnel-interface-filter {
                term tcp {
                    from {
                        protocol tcp;
                    }
                    then {
                        count tcp;
                        routing-instance tcp-routing-table;
                    }
                }
                term udp {
                    from {
                        protocol udp;
                    }
                    then {
                        count udp;
                        routing-instance udp-routing-table;
                    }
                }
                term rest {
                    then {
                        count rest;
                        discard;
                    }
                }
            }
        }
    }