I have a Site-To-Site VPN configured. Traffic comes in on my secure tunnel interface and out the WAN interface. However, I want to block specific traffic to an Azure storage account. I cannot get this access list to work; can anyone point out what I am doing wrong?
A little info:
WAN interface is ge-0/0/0
Interface ge-0/0/1 is my LAN
Interface ST0.0 is my VPN tunnel
Firewall filter Configuration
aabdulr2@SRXLab# show firewall
family inet {
    filter Block-AZStorage {
        term 100 {
            from {
                destination-address {
                }
            }
            then {
                reject;
            }
        }
        term 101 {
            from {
                destination-address {
                }
            }
            then accept;
        }
    }
}
Interface Configuration
aabdulr2@SRXLab# show interfaces
ge-0/0/0 {
    unit 0 {
        family inet {
            filter {
                input Block-AZStorage;
            }
            dhcp {
                update-server;
            }
        }
    }
}
ge-0/0/1 {
    unit 0 {
        family inet {
            address 192.168.0.1/24;
        }
    }
}
st0 {
    unit 0 {
        family inet;
    }
}
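
The filter above is bound as an input filter on ge-0/0/0, so it evaluates packets arriving from the WAN, while the traffic described enters on st0.0 and leaves through ge-0/0/0. The following is an added example, not part of the original post: it binds the same filter where that traffic is actually seen and adds a counter to confirm matches. The prefix 203.0.113.0/24 is a placeholder for the storage account addresses (not shown in the post) and az-storage-blocked is an assumed counter name.

```junos
# Added example, configuration mode. 203.0.113.0/24 is a PLACEHOLDER prefix;
# substitute the real storage account prefixes.

# Term 100: match the destination, count hits, then reject.
set firewall family inet filter Block-AZStorage term 100 from destination-address 203.0.113.0/24
set firewall family inet filter Block-AZStorage term 100 then count az-storage-blocked
set firewall family inet filter Block-AZStorage term 100 then reject

# Remove the binding that only sees packets arriving from the WAN.
delete interfaces ge-0/0/0 unit 0 family inet filter input Block-AZStorage

# Option A: evaluate packets as they arrive from the VPN tunnel.
set interfaces st0 unit 0 family inet filter input Block-AZStorage

# Option B (alternative to A): evaluate packets as they leave the WAN interface.
# This also covers LAN hosts on ge-0/0/1, not only tunnel traffic.
# set interfaces ge-0/0/0 unit 0 family inet filter output Block-AZStorage

# Validate, commit, then check that the counter increments when a tunnel
# host tries to reach the blocked prefix.
commit check
commit
run show firewall filter Block-AZStorage
```

If the counter stays at zero while test traffic is flowing, the packets are not traversing the interface and direction the filter is bound to, or the destination prefix does not match.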