Re: Juniper MX firewall filter

Hi Spdnet,

Apply the below firewall filter on loopback if this fragmentation packet is destined to host bound or it is transit then apply it on incoming interface and check it helps

MX480# show firewall family inet filter RE-protect
term UDP-fragment {
from {
is-fragment;
protocol udp;
}
then {
discard;
}
}
term allow-all {
then accept;
}

If fragment packet is for host-bound traffic then apply the filter on loopback 

MX480# show interfaces lo0
unit 0 {
family inet {
filter {
input RE-protect;
}

If it is transit then apply it under interface

MX480# show interfaces xe-0/0/0
unit 0 {
family inet {
filter {
input RE-protect;
}

Hope this helps

--------------------------------------------------------------------------------------------------------
If this post was helpful, please mark this post as an "Accepted Solution".
Kudos are always appreciated!
--------------------------------------------------------------------------------------------------------