Hey guys , i have an mx64, trying to add deny rules to layer 7 firewall, but i still keep seeing the ip range listed in the firewall still getting hit event, any suggestions or thoughts , TY ahead of time
Solved! Go to solution.
Can you share some details about the firewall rules you've defined? I can try to reproduce it on my MX64.
sure basically its just one rule
Security & SD-WAN
Layer7 Firewall Rules
deny
remote ip range
xxx.xxx.xxx.xxx/22
now saying this i do have port forwards also, but layer7 is before these, so logic would dictate the layer 7 rules deny first then goto the port forwards.
actually, are port forwards layer3/4 so this is why they are being bypassed due to being process earlier?
Is this range in your network or on the internet?
internet
All right. Why don't you use the L3 firewall rules?
where would i locate layer 3 firewall rules?
A bit higher on the same page, it would be something like this: