What is the proper ingress processing sequence for firewall filters on an EX Series switch?
A.
router filter, port filter, VLAN filter
B.
port filter, VLAN filter, router filter
C.
router filter, VLAN filter, port filter
D.
VLAN filter, port filter, router filter
Explanation:
Firewall Filters for EX Series Switches OverviewFirewall filters provide rules that define whether to permit, deny, or forward packets that are transiting an interface on a Juniper Networks EX Series Ethernet Switch from a source address to a destination address. You configure firewall filters to determine whether to permit, deny, or forward traffic before it enters or exits a port, VLAN, or Layer3 (routed) interface to which the firewall filter is applied. To apply a firewall filter, you must first configure the filter and then apply it to an port, VLAN, or Layer 3 interface.
You can apply firewall filters to network interfaces, aggregated Ethernet interfaces (also known as link aggregation groups (LAGs)), loopback interfaces, management interfaces, virtual management Ethernet interfaces (VMEs), routed VLAN interfaces (RVIs), and Virtual Chassis port (VCP) interfaces. For information on EX Series switches that support a firewall filter on these interfaces, see EX Series Switch Software Features Overview.
An ingress firewall filter is a filter that is applied to packets that are entering a network. An egress firewall filter is a filter that is applied to packets that are exiting a network. You can configure firewall filters to subject packets to filtering, class-of-service (CoS) marking (grouping similar types of traffic together, and treating each type of traffic as a class with its own level of service priority), and traffic policing (controlling the maximum rate of traffic sent or received on an interface).
OverviewThis configuration example show how to configure and apply firewall filters to provide rules to evaluate the contents of packets and determine when to discard, forward, classify, count, and analyze packets that are destined for or originating from the EX Series switches that handle all voice-vlan, employee-vlan, and guest-vlan traffic. Table 1 shows the firewall filters that are configured for the EX Series switches in this example.