Creating SRX Series Filters and Terms

To initialize a filter for use with WebApp Secure, do the following:

  1. Log in to the SRX Series device through SSH. Enter cli, and then enter configure to put the CLI into configuration mode.

    Figure 37: Initialize Filter

  2. Create the filter, a term, and a placeholder action. Every term must have an action, so use the next term action, which passes the packet on to the next term in the filter. WebApp Secure will replace the contents of the term later; the placeholder only allows the filter to be created. To do this, enter set firewall family inet filter my_filter term block then next term. You can then enter show firewall to see the newly created filter.

    Figure 38: Create Filter Term

    Note: The filter name my_filter and term block are example names. You can choose any names you like, but remember them because you will need to inform WebApp Secure of your name choices later on in the configuration.

  3. The filter now exists, but it does not yet intercept incoming packets. You must bind the filter to an interface. The interface and unit names depend on your network implementation, but an example is: set interfaces ge-0/0/0 unit 0 family inet filter input my_filter. After binding, the newly created filter appears under the appropriate interface when you enter show interfaces.

    Figure 39: Bind Filter to Interface

  4. Save the changes by entering commit. Exit the CLI by entering exit twice (once to exit configuration mode, and once to exit the CLI).

    Warning: If the blocking term is misplaced after the default (accept) term, the filter will not commit. Make sure that the accepting term is placed after the blocking term. Remember: next term needs a next term to switch to.
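
The four steps as one configuration-mode session, including the default (accept) term that the warning refers to. This is an added example, not part of the original Juniper procedure: the term name accept-all is an assumption, ge-0/0/0 unit 0 is the example interface from step 3, and lines starting with # are annotations rather than commands to type.

```junos
# Step 1: after logging in over SSH and entering cli
configure

# Step 2: placeholder blocking term. WebApp Secure replaces its contents later.
set firewall family inet filter my_filter term block then next term

# Default accept term (name accept-all is assumed). It gives "next term"
# a term to switch to, which the commit requires.
set firewall family inet filter my_filter term accept-all then accept

# Only needed when accept-all existed before block was created: new terms are
# appended at the end, so move the blocking term ahead of the accepting term.
insert firewall family inet filter my_filter term block before term accept-all

# Check the order: block must be listed first, accept-all last.
show firewall family inet filter my_filter

# Step 3: bind the filter as an input filter and confirm the binding.
set interfaces ge-0/0/0 unit 0 family inet filter input my_filter
show interfaces ge-0/0/0

# Step 4: validate before committing. commit check reports the term-order
# error described in the warning without activating anything.
commit check

# commit confirmed rolls back automatically after 5 minutes unless a second
# commit follows. Useful when the bound interface carries this SSH session.
commit confirmed 5
commit

# Leave configuration mode, then the CLI.
exit
exit
```

If the SSH session drops after commit confirmed, wait for the automatic rollback, reconnect, and review the term order before trying again.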
