References from a Firewall Filter in a Logical System to Subordinate Objects
Resolution of References from a Firewall Filter to Subordinate Objects
If a firewall filter defined in a logical system references a subordinate object (for example, a policer or prefix list), that subordinate object must be defined within the firewall stanza of the same logical system. For example, if a firewall filter configuration references a policer, the firewall filter and the policer must be configured under the same [edit logical-systems logical-system-name firewall] hierarchy level.
This rule applies even if the same policer is configured under the main firewall configuration or if the same policer is configured as part of a firewall in another logical system.
Valid Reference from a Firewall Filter to a Subordinate Object
In this example, the firewall filter filter1 references the policer pol1. Both filter1 and pol1 are defined under the same firewall object. This configuration is valid. If pol1 had been defined under another firewall object, the configuration would not be valid.
[edit]
logical-systems {
    ls-A {
        firewall {
            policer pol1 {
                if-exceeding {
                    bandwidth-limit 401k;
                    burst-size-limit 50k;
                }
                then discard;
            }
            filter filter1 {
                term one {
                    from {
                        source-address 12.1.0.0/16;
                    }
                    then {
                        reject host-unknown;
                    }
                }
                term two {
                    from {
                        source-address 12.2.0.0/16;
                    }
                    then policer pol1;
                }
            }
        }
    }
}