Technical Documentation

Configuring the Match Order for Fast Update Filters

You must include the match-order statement to explicitly specify the order in which router examines the match conditions. The router examines only those match conditions that you include in the statement. You can match a maximum of five conditions.

Note: If the match-order statement contains a condition that is not specified in the from statement of a term, the router considers that a wildcard for that condition.

If you use the same fast update filter in multiple dynamic profiles, you must configure the same match order for all profiles.

To configure the order in which the router examines the match conditions of a fast update filter:

  1. Access the fast update filter:
    [edit dynamic-profiles myProfile]user@host# edit firewall family inet fast-update-filter httpFilter
  2. Specify the mandatory interface-specific statement.
    [edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter]user@host# set interface-specific
  3. Configure the match order for the match conditions in the filter. Use brackets to enclose multiple match conditions.
    [edit dynamic-profiles myProfile firewall family inet fast-update-filter httpFilter]user@host# set match-order [source-address protocol destination-port]

Published: 2010-04-15