Verify the configuration of the stateful firewall filter. You can analyze the flow of the firewall filter terms by displaying the entire configuration.
From the J-Web interface, select Configuration>View and Edit>View Configuration Text. Alternatively, from configuration mode in the CLI, enter the show services or show firewall command for stateful firewall filters.
The sample output in this section displays the stateful firewall filter and NAT configured in Configuring a Stateful Firewall Filter with a Configuration Editor.
    [edit]
    user@host# show services
    stateful-firewall {
        rule to-wan-rule {
            match-direction output;
            term app-term {
                from {
                    application-sets junos-algs-outbound;
                }
                then {
                    accept;
                }
            }
            term accept-all-term {
                then {
                    accept;
                }
            }
        }
        rule from-wan-rule {
            match-direction input;
            term wan-src-addr-term {
                from {
                    source-address {
                        192.168.33.0/24;
                    }
                }
                then {
                    accept;
                }
            }
            term discard-all-term {
                then {
                    discard;
                }
            }
        }
    }
    nat {
        pool public-pool {
            address-range low 10.148.2.1 high 10.148.2.32;
            port automatic;
        }
        rule nat-to-wan-rule {
            match-direction output;
            term private-public-term {
                then {
                    translated {
                        source-pool public-pool;
                        translation-type source dynamic;
                    }
                }
            }
        }
    }
    service-set wan-service-set {
        stateful-firewall-rules to-wan-rule;
        stateful-firewall-rules from-wan-rule;
        nat-rules nat-to-wan-rule;
        interface-service {
            service-interface sp-0/0/0;
        }
    }
Verify that the output shows the intended configuration of the stateful firewall filter.
Verify that the terms are listed in the order in which you want the packets to be tested. You can move terms within a firewall filter by using the insert CLI command.
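One way to check term order mechanically, as an added example that is not part of the original guide: the Python below parses pasted show services output and reports every term listed after a term that has no from block. It assumes that a term with no from block matches every packet, so later terms in the same rule are never tested; parse, blocks, shadowed_terms and the MISORDERED sample are names and input constructed for this example.

```python
import re

# Constructed input: from-wan-rule from the sample output with its two terms
# deliberately swapped (compact brace layout, same statements).
MISORDERED = """
stateful-firewall {
    rule from-wan-rule {
        match-direction input;
        term discard-all-term { then { discard; } }
        term wan-src-addr-term {
            from { source-address { 192.168.33.0/24; } }
            then { accept; }
        }
    }
}
"""

def parse(text):
    """Parse brace-style config text into nested (name, children) tuples."""
    stack = [[]]
    for head, delim in re.findall(r"([^{};]*)([{};])", text):
        # Keep only the last line before the delimiter; drops pasted prompts.
        name = head.strip().rsplit("\n", 1)[-1].strip()
        if delim == "{":
            node = (name, [])
            stack[-1].append(node)
            stack.append(node[1])
        elif delim == ";" and name:
            stack[-1].append((name, None))
        elif delim == "}" and len(stack) > 1:
            stack.pop()
    return stack[0]

def blocks(nodes, prefix):
    """Return (name without prefix, children) for brace blocks under nodes."""
    return [(n[len(prefix):], b) for n, b in nodes
            if b is not None and n.startswith(prefix)]

def shadowed_terms(text):
    """Return (rule, term, blocker) for terms after a term with no "from"."""
    findings = []
    for _, section in blocks(parse(text), "stateful-firewall"):
        for rule, body in blocks(section, "rule "):
            blocker = None
            for term, tbody in blocks(body, "term "):
                if blocker:
                    findings.append((rule, term, blocker))
                elif not blocks(tbody, "from"):
                    blocker = term
    return findings
```

An empty list from shadowed_terms means no term in any stateful-firewall rule sits behind a match-all term; each tuple otherwise names the rule, the unreachable term, and the term that matches first.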
For more information about the format of a configuration file, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.
For information about the insert command, see the J-series Services Router Basic LAN and WAN Access Configuration Guide.