11-30-2022 07:36 AM
Hi guys,
I am managing and testing an EXOS x435.
Setup:
Ingress ACL on VLAN8 to block all private traffic:
source VLAN8, destination all private networks 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
Apply the rule to VLAN8 in ingress (only); everything works,
but
I need to allow established traffic from the private networks to VLAN8.
I tried to set TCP-flags ACK and SYN_ACK, but nothing; it doesn't work.
Any suggestions?
This is the policy:
/* Intra-VLAN traffic: VLAN8 (10.5.207.192/27) talking to itself is always permitted */
entry vlan8 {
    if {
        source-address 10.5.207.192/27;
        destination-address 10.5.207.192/27;
    }
    then {
        permit;
    }
}
/* Replies from VLAN8 to sessions opened from 10.0.0.0/8: ACK set */
entry responsePrivate1 {
    if match all {
        destination-address 10.0.0.0/8;
        protocol tcp;
        tcp-flags ack;
    }
    then {
        permit;
    }
}
/* Replies from VLAN8 to sessions opened from 10.0.0.0/8: SYN+ACK set */
entry responsePrivate2 {
    if match all {
        destination-address 10.0.0.0/8;
        protocol tcp;
        tcp-flags syn_ack;
    }
    then {
        permit;
    }
}
/* Everything else from VLAN8 to the private ranges is dropped */
entry rete10 {
    if {
        source-address 10.5.207.192/27;
        destination-address 10.0.0.0/8;
    }
    then {
        deny;
    }
}
entry rete172 {
    if {
        source-address 10.5.207.192/27; /* posted as /24; the other entries use the VLAN8 /27 */
        destination-address 172.16.0.0/12;
    }
    then {
        deny;
    }
}
entry rete192 {
    if {
        source-address 10.5.207.192/27;
        destination-address 192.168.0.0/16;
    }
    then {
        deny;
    }
}
/* Anything else sourced from VLAN8 (public destinations) is permitted */
entry resto {
    if {
        source-address 10.5.207.192/27;
    }
    then {
        permit;
    }
}
Marco
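Because an EXOS ACL is evaluated first-match in entry order, the easiest way to see what the posted policy does to a given packet is to walk the entries in order. The script below is an added example, not code from the post or from Extreme's software: it models each posted entry and checks a set of constructed packets against them. It assumes that `tcp-flags` matches when every listed flag is set in the packet (other bits ignored), that a packet matching no entry is forwarded (the EXOS default), and it uses the VLAN8 /27 for `rete172` like the other entries.

```python
"""Offline first-match evaluator for the ACL policy in the post (added example, not EXOS code)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, FrozenSet, Tuple, Dict


@dataclass(frozen=True)
class Entry:
    name: str
    action: str                               # "permit" or "deny"
    src: Optional[str] = None                 # source-address prefix, None = any
    dst: Optional[str] = None                 # destination-address prefix, None = any
    protocol: Optional[str] = None            # "tcp", "udp", ... None = any
    tcp_flags: FrozenSet[str] = frozenset()   # flags that must be set, e.g. {"syn", "ack"}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: str
    flags: FrozenSet[str] = frozenset()


VLAN8 = "10.5.207.192/27"

# The posted policy, in posted order (rete172 uses the same /27 as the other entries).
POLICY = [
    Entry("vlan8", "permit", src=VLAN8, dst=VLAN8),
    Entry("responsePrivate1", "permit", dst="10.0.0.0/8", protocol="tcp",
          tcp_flags=frozenset({"ack"})),
    Entry("responsePrivate2", "permit", dst="10.0.0.0/8", protocol="tcp",
          tcp_flags=frozenset({"syn", "ack"})),
    Entry("rete10", "deny", src=VLAN8, dst="10.0.0.0/8"),
    Entry("rete172", "deny", src=VLAN8, dst="172.16.0.0/12"),
    Entry("rete192", "deny", src=VLAN8, dst="192.168.0.0/16"),
    Entry("resto", "permit", src=VLAN8),
]


def _in_prefix(addr: str, prefix: Optional[str]) -> bool:
    return prefix is None or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)


def matches(entry: Entry, pkt: Packet) -> bool:
    if not _in_prefix(pkt.src, entry.src) or not _in_prefix(pkt.dst, entry.dst):
        return False
    if entry.protocol is not None and entry.protocol != pkt.protocol:
        return False
    # Assumption: tcp-flags matches when every listed flag is set; other bits are ignored.
    return entry.tcp_flags <= pkt.flags


def evaluate(policy, pkt: Packet) -> Tuple[Optional[str], str]:
    """Return (name of first matching entry, action). No match: implicit permit (assumed EXOS default)."""
    for entry in policy:
        if matches(entry, pkt):
            return entry.name, entry.action
    return None, "permit"


# Constructed packets as seen on VLAN8 ingress (10.5.207.200 is a VLAN8 host).
SAMPLES: Dict[str, Packet] = {
    "intra-vlan syn":        Packet("10.5.207.200", "10.5.207.201", "tcp", frozenset({"syn"})),
    "vlan8 opens to 10/8":   Packet("10.5.207.200", "10.1.1.1", "tcp", frozenset({"syn"})),
    "reply to 10/8 synack":  Packet("10.5.207.200", "10.1.1.1", "tcp", frozenset({"syn", "ack"})),
    "reply to 172.16/12":    Packet("10.5.207.200", "172.16.5.5", "tcp", frozenset({"ack"})),
    "reply to 192.168/16":   Packet("10.5.207.200", "192.168.1.1", "tcp", frozenset({"ack"})),
    "vlan8 to internet":     Packet("10.5.207.200", "8.8.8.8", "tcp", frozenset({"syn"})),
    "udp reply to 10/8":     Packet("10.5.207.200", "10.1.1.1", "udp"),
    "not from vlan8":        Packet("10.1.1.1", "10.5.207.200", "tcp", frozenset({"syn"})),
}


def run_samples() -> Dict[str, Tuple[Optional[str], str]]:
    return {name: evaluate(POLICY, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (entry, action) in run_samples().items():
        print(f"{name:24s} -> {action:6s} ({entry or 'no match'})")
```

Running it shows that the two tcp-flags entries only ever fire for destinations inside 10.0.0.0/8: an ACK-bearing reply toward 172.16.0.0/12 or 192.168.0.0/16 falls through to `rete172` / `rete192` and is dropped, and a UDP reply toward 10.0.0.0/8 hits `rete10`. Under the flag-subset assumption a SYN+ACK is already caught by `responsePrivate1`, so `responsePrivate2` never matches; if the hardware instead compares the flag set exactly, the SYN+ACK lands on `responsePrivate2`, with the same permit result either way.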