Creating SRX Series Filters and Terms
To initialize a filter for use with WebApp Secure, do the following:
- Log into the SRX Series device through SSH. Enter cli, then enter configure to put the CLI into configuration mode.
Figure 1: Initialize Filter
- Next, create the filter, term, and a placeholder action. Because each term must have some sort of action, choose the next term action, which passes the packet on to the next term in the filter. Although WebApp Secure will replace the inside of the term, the placeholder allows the filter to be created. To do this, enter:
    set firewall family inet filter my_filter term block then next term
  You can enter show firewall to see your newly created filter.
Figure 2: Create Filter Term
Note: The filter name my_filter and term block are example names. You can choose any names you like, but remember them because you will need to inform WebApp Secure of your name choices later on in the configuration.
- Although the filter is created, it is not set to intercept incoming packets. You must now bind the filter to an interface. The interface and unit names will be different depending on your network implementation, but an example is:
    set interfaces ge-0/0/0 unit 0 family inet filter input my_filter
  After binding to an interface, you should see the newly created filter appear under the appropriate interface when you enter show interfaces.
Figure 3: Bind Filter to Interface
- Save the changes by entering commit. Exit the CLI by entering exit twice (once to exit configure mode, and once to exit the CLI).
Warning: If the blocking term is misplaced after the default (accept) term, the filter will not commit. Make sure that the accepting term is placed after the blocking term. Remember: next term needs a next term to switch to.
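The whole procedure as one session, including the term ordering the warning describes. This is an added example, not part of the original documentation: the prompt user@srx and the accept term name allow_all are assumptions, and my_filter, block and ge-0/0/0 are the example names used above.

```junos
user@srx> configure

# Step 2: placeholder blocking term; WebApp Secure later replaces its contents.
user@srx# set firewall family inet filter my_filter term block then next term

# The accepting term (allow_all is a hypothetical name). It gives "next term"
# a term to hand packets to; without any accepting term, the implicit discard
# at the end of a Junos firewall filter drops traffic once the filter is bound.
user@srx# set firewall family inet filter my_filter term allow_all then accept

# Check the order: block must be listed before allow_all.
user@srx# show firewall family inet filter my_filter

# If block was created after the accepting term, move it instead of
# deleting and recreating it.
user@srx# insert firewall family inet filter my_filter term block before term allow_all

# Step 3: bind the filter to the inbound side of the interface.
user@srx# set interfaces ge-0/0/0 unit 0 family inet filter input my_filter

# Review the pending change and validate it before it takes effect.
user@srx# show | compare
user@srx# commit check

# Step 4: save, then leave configuration mode and the CLI.
user@srx# commit
user@srx# exit
user@srx> exit
```

If commit check reports an error on the filter, recheck the term order with the show command before retrying the commit.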