Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

fast-lookup-filter

Syntax

Hierarchy Level

Description

The fast-lookup-filter is available for the inet and inet6 protocol families for both static and dynamic profiles. Junos installs firewall filters created under this hierarchy to the accelerated filter block available in the certain MPCs, which provides enhanced performance.

Juniper recommends that you use the payload-protocol term rather than the next-header term when configuring a firewall filter with match conditions for IPv6 traffic. Although either can be used, payload-protocol provides the more reliable match condition because it uses the actual payload protocol to find a match, whereas next-header simply takes whatever appears in the first header following the IPv6 header, which may or may not be the actual protocol. In addition, if next-header is used with IPv6, the accelerated filter block lookup process is bypassed and the standard filter used instead.

See Firewall Filter Match Conditions for IPv6 Traffic for more information about firewall filters and terms.

Fast lookup filters can boost filtering performance by as much as three to four times for filters under 3000 terms. Firewall instances from the same firewall block can also be attached to multiple interfaces.

Required Privilege Level

firewall—To view this statement in the configuration.

firewall-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 13.3R3 for MX 240, MX 480, MX 960, MX 2010, and MX 2020 routers with MPC5E, MPC5EQ, or MPC6E, and later for MPC7E, MPC8E, and MPC9E MPCs.

Support for the next-header firewall match condition was added in Junos OS Release 13.3R6

Support for MPC2E-NG and MPC3E-NG MPCs was added in Junos OS Release 15.1R1.

Change History Table

Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.

Release
Description
15.1
Support for MPC2E-NG and MPC3E-NG MPCs was added in Junos OS Release 15.1R1.
13.3R6
Support for the next-header firewall match condition was added in Junos OS Release 13.3R6
13.3R3
Statement introduced in Junos OS Release 13.3R3 for MX 240, MX 480, MX 960, MX 2010, and MX 2020 routers with MPC5E, MPC5EQ, or MPC6E,