Hi Team,
I have a core switch, a QFX 5110, and a lot of VLANs have been configured: user VLANs and server VLANs.
I need to apply a firewall filter on this switch:
- certain user VLANs need to be blocked from accessing the server VLAN, so block SSH, Telnet and RDP.
- certain user VLANs need to be able to access the server VLAN.
Example:
VLAN 10-20 are blocked and cannot access the server VLAN: 192.168.10.0/24 - 192.168.20.0/24
VLAN 30 is allowed to access the server VLAN: 192.168.30.0/24
The server VLAN is 192.168.2.0/24 and 192.168.55.0/24.
Below is what I have done. I tested with a single user first.
set firewall family inet filter BLOCK_SSH term SSH from source-address 192.168.20.15/32 (User)
set firewall family inet filter BLOCK_SSH term SSH from protocol tcp
set firewall family inet filter BLOCK_SSH term SSH from destination-port ssh
set firewall family inet filter BLOCK_SSH term SSH then count block.ssh
set firewall family inet filter BLOCK_SSH term SSH then reject
set firewall family inet filter BLOCK_SSH term BLOCK from destination-address 192.168.2.3/32 (Server)
set firewall family inet filter BLOCK_SSH term BLOCK from protocol tcp
set firewall family inet filter BLOCK_SSH term BLOCK from destination-port ssh
set firewall family inet filter BLOCK_SSH term BLOCK then count all-other
set firewall family inet filter BLOCK_SSH term BLOCK then accept
set interfaces lo0 unit 0 family inet filter input BLOCK_SSH
After I apply this config, no user can access the internet, and when I remove this config, the users work fine.
Maybe my configuration was wrong. Please advise me on what I need to add to the config.
Thanks
Hakam
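Here is an added example of how the filter described in the post could be built so that only SSH, Telnet and RDP from the blocked user VLANs to the server VLANs are dropped and everything else is still forwarded; it is not the poster's configuration. It assumes the user VLANs are routed on irb units numbered after the VLAN (irb.10, irb.20), lists only the two user subnets named in the post (the other /24s between them are added the same way), and uses `#` lines as annotations for the reader, not as CLI commands.

```junos
# Prefix lists keep the terms readable and easy to extend later.
set policy-options prefix-list SERVER_VLANS 192.168.2.0/24
set policy-options prefix-list SERVER_VLANS 192.168.55.0/24
set policy-options prefix-list BLOCKED_USER_VLANS 192.168.10.0/24
set policy-options prefix-list BLOCKED_USER_VLANS 192.168.20.0/24
# ... add 192.168.11.0/24 through 192.168.19.0/24 here in the same way (assumption: one /24 per VLAN)

# Term 1: drop SSH (22), Telnet (23) and RDP (3389) from the blocked user VLANs to the server VLANs.
# 'discard' drops silently; 'reject' (as in the post) would also send an ICMP unreachable back to the user.
set firewall family inet filter USER_TO_SERVER term DENY_MGMT from source-prefix-list BLOCKED_USER_VLANS
set firewall family inet filter USER_TO_SERVER term DENY_MGMT from destination-prefix-list SERVER_VLANS
set firewall family inet filter USER_TO_SERVER term DENY_MGMT from protocol tcp
set firewall family inet filter USER_TO_SERVER term DENY_MGMT from destination-port [ ssh telnet 3389 ]
set firewall family inet filter USER_TO_SERVER term DENY_MGMT then count deny-mgmt
set firewall family inet filter USER_TO_SERVER term DENY_MGMT then discard

# Term 2: accept everything else (VLAN 30 to the servers, internet, DNS, DHCP, ...).
# A Junos filter ends with an implicit discard, so without a final accept term every
# packet that does not match term 1 is dropped, which is what the post describes.
set firewall family inet filter USER_TO_SERVER term ALLOW_REST then accept

# Apply the filter as an input filter on the L3 (irb) interface of each blocked user VLAN,
# not on lo0: a lo0 filter governs traffic addressed to the switch itself (routing engine),
# so it does not police transit traffic between VLANs and breaks control-plane traffic instead.
set interfaces irb unit 10 family inet filter input USER_TO_SERVER
set interfaces irb unit 20 family inet filter input USER_TO_SERVER
```

After committing, `show firewall filter USER_TO_SERVER` shows the `deny-mgmt` counter, so a test SSH attempt from a blocked VLAN should increment it while a test from VLAN 30 should not.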