I have a requirement to block certain social media sites for specific subnet, I learnt that it is not doable in MX100 but can be done for a vlan. Unfortunately my SVIs are in the Core switch and I dont have that vlan in MX100. I did try to create a vlan/SVI (for which I need to restrict the traffic) on mx100 but It breaks my reachability from outside world to that subnet. Any one can help me out here ?
I was hoping there is another way to do it, without moving the SVI from my core. The Setup is simple, I have a Juniper access and Core layer, All the SVI are in core and I have a default route from the Core to MX100 where I have all the VPNs configured and to the internet. Moving the SVI is the only option ?