Hi,
I want to create some firewall filters on EX4600.
I just want network 192.168.11.0/24 talk only to 192.168.12.0/24 and 192.168.12.0/24 only to 192.168.11.0/24.
I created this rules :
root@SD-TST-C012-1# show firewall family inet filter ACL_IN
term T1 {
from {
source-address {
192.168.11.0/24;
}
destination-address {
192.168.12.0/24;
}
}
then accept;
}
root@SD-TST-C012-1# show firewall family inet filter ACL_OUT
term T1 {
from {
source-address {
192.168.12.0/24;
}
destination-address {
192.168.11.0/24;
}
}
then accept;
}I applied this configuration on my IRB interface :
root@SD-TST-C012-1# show interfaces irb.3082 family inet
filter {
input ACL_IN;
output ACL_OUT;
}
address 192.168.11.1/24 {
vrrp-group 11 {
virtual-address 192.168.11.3;
priority 200;
accept-data;
}
}
root@SD-TST-C012-2# show interfaces irb.3082 family inet
filter {
input ACL_IN;
output ACL_OUT;
}
address 192.168.11.2/24 {
vrrp-group 11 {
virtual-address 192.168.11.3;
priority 100;
accept-data;
}
}
My problem is nothing ping.
Do you have an idea ?
Thank you.