Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

filter (Firewall Filters)

Syntax

Hierarchy Level

Description

Configure firewall filters.

Options

filter-name—Name that identifies the filter. The name can contain letters, numbers, and hyphens (-), and can be up to 64 characters long. To include spaces in the name, enclose it in quotation marks.

micro-segmentation—Enables Group Based Policy (GBP) tagging for use with macro and micro segmentation on VXLAN. GBPs make use of existing layer 3 VXLAN network identifiers (VNI), in conjunction with firewall filter policies, to provide micro-segmentation at the level of device or tag, independent of the underlying network topology.

These match conditions are supported for GBP tagging:

  • ip-version ipv4 <ip address> | <prefix-list>

  • ip-version ipv6 <ip address> | <prefix-list>

  • mac-address <mac address>

  • interface <interface_name> vlan-id <vlan id>

  • vlan-id <vlan id>

  • interface <interface_name>

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

firewall—To view this statement in the configuration.firewall-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.0.

Option interface-specific introduced in Junos OS Release 9.5 for EX Series switches.

Option micro-segmentation introduced in Junos OS Release 22.4R1 for supported EX4100, EX4400, EX4650, and QFX5120 Series switches.

Related Documentation