Technical Documentation

Creating a Firewall Filter to Split the Port-Mirrored Traffic into Different Instances

If you need to split the copy of the monitored traffic into separate groups and send the filtered packets to different analyzers, devise a firewall filter that selects some traffic for sampling and some traffic for discarding. In this example, UDP traffic is sent into one routing instance, TCP traffic is diverted into a second routing instance, and all other traffic is discarded. Terms are evaluated in order, so the final term catches every packet that the tcp and udp terms did not match. In a later step, you will define the filter-based forwarding routing instances named in the then statements of this filter.

[edit]
firewall {
    family inet {
        filter tunnel-interface-filter {
            term tcp {
                from {
                    protocol tcp;
                }
                then {
                    count tcp;
                    routing-instance tcp-routing-table;
                }
            }
            term udp {
                from {
                    protocol udp;
                }
                then {
                    count udp;
                    routing-instance udp-routing-table;
                }
            }
            term rest {
                then {
                    count rest;
                    discard;
                }
            }
        }
    }
}
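The same filter in set-command form, together with the two forwarding instances its then statements refer to, as an added example that is not part of the original page. The analyzer next-hop addresses (192.0.2.11, 192.0.2.12), the rib-group name mirror-rg, and the interface ge-0/0/1 are assumed values; lines starting with # are explanatory annotations, not configuration.

```junos
# The filter shown above, one term per protocol, last term discards the rest
set firewall family inet filter tunnel-interface-filter term tcp from protocol tcp
set firewall family inet filter tunnel-interface-filter term tcp then count tcp
set firewall family inet filter tunnel-interface-filter term tcp then routing-instance tcp-routing-table
set firewall family inet filter tunnel-interface-filter term udp from protocol udp
set firewall family inet filter tunnel-interface-filter term udp then count udp
set firewall family inet filter tunnel-interface-filter term udp then routing-instance udp-routing-table
set firewall family inet filter tunnel-interface-filter term rest then count rest
set firewall family inet filter tunnel-interface-filter term rest then discard

# Forwarding instances named in the then statements; each sends everything it
# receives to one analyzer (next-hop addresses are assumed, not from the page)
set routing-instances tcp-routing-table instance-type forwarding
set routing-instances tcp-routing-table routing-options static route 0.0.0.0/0 next-hop 192.0.2.11
set routing-instances udp-routing-table instance-type forwarding
set routing-instances udp-routing-table routing-options static route 0.0.0.0/0 next-hop 192.0.2.12

# Copy interface routes from inet.0 into both forwarding instances so that the
# analyzer next hops resolve there (rib-group name is assumed)
set routing-options rib-groups mirror-rg import-rib inet.0
set routing-options rib-groups mirror-rg import-rib tcp-routing-table.inet.0
set routing-options rib-groups mirror-rg import-rib udp-routing-table.inet.0
set routing-options interface-routes rib-group inet mirror-rg

# Apply the filter as an input filter on the interface that receives the
# mirrored copy (interface name is assumed)
set interfaces ge-0/0/1 unit 0 family inet filter input tunnel-interface-filter
```

After committing, show firewall filter tunnel-interface-filter reports the tcp, udp and rest counters, which is the quickest check that each class of mirrored traffic is hitting the term you expect.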

Published: 2010-04-15