VPF Filtering

This recipe uses VPF filter rules to prevent unwanted traffic from entering or exiting TNSR. There is a VPF filter ruleset for each interface.

The rules for this example are identical for both nodes.

Note

The best practice is to have these rules in place before activating services on TNSR so that there is no window where those services are exposed without filtering.

See also

VPF Filtering

VPF Filtering Configuration

• WAN Interface Filter Rules
  • Create Ruleset
  • Allow ICMP
  • Allow VRRP
  • Allow Egress Traffic
  • Activate Ruleset
• LAN Interface Filter Rules
  • Create Ruleset
  • Allow DHCP
  • Allow VRRP
  • Allow Client Traffic
  • Allow Egress Traffic
  • Activate Ruleset
• SYNC Interface Filter Rules
  • Create Ruleset
  • Allow VPF HA Outbound
  • Allow VPF HA Inbound
  • Allow Egress Traffic
  • Activate Ruleset