A network engineer is configuring a new Juniper device. They intend to apply a firewall filter to an interface to allow only SSH traffic from a specific management subnet. Which configuration approach best follows Juniper best practices?
Trap 1: Define the filter under 'firewall family inet' and apply it under…
Applying the filter to loopback would not filter traffic on ge-0/0/0.
Trap 2: Define the filter under 'firewall family inet' and apply it under…
Missing 'filter' keyword; correct syntax is 'filter input filter-name'.
Trap 3: Define the filter under 'firewall family any' and apply it under…
'family any' is not specific and may not behave as expected for IPv4 traffic.
- A
Define the filter under 'firewall family inet' and apply it under 'interfaces ge-0/0/0 unit 0 family inet filter input filter-name'
This follows Juniper best practices for applying firewall filters.
- B
Define the filter under 'firewall family inet' and apply it under 'interfaces lo0 unit 0 family inet filter input filter-name'
Why wrong: Applying the filter to loopback would not filter traffic on ge-0/0/0.
- C
Define the filter under 'firewall family inet' and apply it under 'interfaces ge-0/0/0 unit 0 family inet input'
Why wrong: Missing 'filter' keyword; correct syntax is 'filter input filter-name'.
- D
Define the filter under 'firewall family any' and apply it under 'interfaces ge-0/0/0 unit 0 family any filter input'
Why wrong: 'family any' is not specific and may not behave as expected for IPv4 traffic.