In this sample Nugget from my JN0-102 course at CBT Nuggets, I walk you through important aspects of how interfaces work on Juniper equipment.
This post is critical for those students studying for their Enterprise Routing and Switching Certifications.
The following sequence describes how the device evaluates a packet entering or exiting an interface if the input or output traffic at a device interface is associated with a firewall filter.
Packet evaluation proceeds as follows:
Unlike service filters and simple filters, firewall filters support the next term action, which is neither a terminating action nor a nonterminating action but a flow control action.
If the matched term includes the next term action, the device continues evaluation of the packet at the next term within the firewall filter.
If the matched term does not include the next term action, evaluation of the packet against the given firewall filter ends at this term. The device does not evaluate the packet against any subsequent terms in this filter.
A maximum of 1024 next term actions are supported per firewall filter configuration. If you configure a firewall filter that exceeds this limit, your candidate configuration results in a commit error.
The device stops evaluating a packet against a given firewall filter when either the packet matches a term without the next term action or the packet fails to match the last term in the firewall filter.