New Training: Understand Junos Firewall Policies
In this 9-video skill, CBT Nuggets trainer Knox Hutchinson covers how a Juniper device can classify and filter data plane traffic. Watch this new Juniper training.
This training includes:
- 9 videos
- 57 minutes of training
You’ll learn these topics in this skill:
- Introducing Firewall Filters
- Firewall, or Really an ACL?
- Structure of a Firewall Filter
- Firewall Action Types
- Applying a Firewall Filter
- Use Case: Limit Inbound SSH Traffic
- Use Case: Apply Traffic Policers and Classification
- Unicast Reverse Path Forwarding (RPF)
- Summarizing Firewall Filters
What is Unicast Reverse Path Forwarding (RPF)?
Unicast Reverse Path Forwarding (RPF) is a network security feature that you can use to limit potentially harmful traffic in your network. It works by having routers verify the reachability of the source address in each packet they forward. Unicast RPF can limit spoofed IP addresses on your network by discarding packets with invalid source addresses.
Unicast RPF functions in one of three modes: strict, loose, and VRF. In strict mode, a router checks that it has a matching entry for the source in the routing table and that the interface it would use to reach that source is the same interface the packet arrived on. So, in this mode, you could drop legitimate traffic when asymmetric routing paths are present in your network. In loose mode, routers only check if they have a matching entry for the source in the routing table. Finally, VRF mode allows you to leverage the other two modes within a virtualized routing and forwarding environment.
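The strict and loose checks described above can be modelled in a few lines. This is an added example, not material from the training or Junos code: the routing table, interface names and packets are constructed, the check is simplified to a single best route per source, and VRF mode is not modelled.

```python
import ipaddress

# Constructed routing table (assumption): prefix -> interface used to reach it.
ROUTES = [
    (ipaddress.ip_network("10.1.0.0/16"), "ge-0/0/1"),
    (ipaddress.ip_network("10.1.5.0/24"), "ge-0/0/2"),  # more specific path
    (ipaddress.ip_network("192.0.2.0/24"), "ge-0/0/0"),
]

def best_route(src):
    """Longest-prefix match on the source address; None if nothing covers it."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_accepts(src, in_iface, mode):
    """Return True if the packet passes the check, False if it is discarded."""
    route_iface = best_route(src)
    if route_iface is None:
        return False                    # no route back to the source: both modes drop
    if mode == "loose":
        return True                     # any matching entry is enough
    if mode == "strict":
        return route_iface == in_iface  # must arrive on the interface used to reach it
    raise ValueError("mode must be 'strict' or 'loose'")

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.2.3", "ge-0/0/1"),     # symmetric path
    ("10.1.5.9", "ge-0/0/1"),     # asymmetric: return route points at ge-0/0/2
    ("203.0.113.7", "ge-0/0/0"),  # source not in the routing table
]

def evaluate():
    """Return (src, in_iface, strict_result, loose_result) for each packet."""
    return [(s, i, urpf_accepts(s, i, "strict"), urpf_accepts(s, i, "loose"))
            for s, i in PACKETS]

if __name__ == "__main__":
    for src, ifc, strict, loose in evaluate():
        print(f"{src:<12} in={ifc}  strict={'pass' if strict else 'drop'}"
              f"  loose={'pass' if loose else 'drop'}")
```

The second packet is the asymmetric-routing case: its source is routable, so loose mode accepts it, but strict mode discards it because the return path uses a different interface.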