 |
Note: Source class usage and destination class usage are not supported on the interfaces you configure as tunnel sources. This affects only the transit packets exiting the tunnel. |
Class-based filter conditions match packet fields based on source class or destination class. A source class is a set of source prefixes grouped together and given a class name. A destination class is a set of destination prefixes grouped together and given a class name.
You can specify the source class in the following way:
- [edit firewall filter inet filter-name term term-name]
- from {
- source-class class-name;
- }
You can specify the destination class in the following way:
- [edit firewall filter inet filter-name term term-name]
- from {
- destination-class class-name;
- }
You can specify a source class or destination class for an output firewall filter. Although you can specify a source class and destination class for an input firewall filter, the counters are incremented only if the firewall filter is applied on the output interface.
The class-based filter match condition works only for output filters because the source class usage (SCU) and destination class usage (DCU) are determined after route lookup.
|
Note: Source class usage and destination class usage are not supported on the interfaces you configure as tunnel sources. This affects only the transit packets exiting the tunnel. |
|
Note: Class-based filter match conditions are not supported on the J-series Services Routers. |
|
Note: Class-based filter match conditions are supported for inet and inet6 address families on the M-series platforms. |
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |