Posted by: Barly Wicaksono | 5 December, 2012

Blocking ICMP Using a Firewall Filter on Juniper

Basic Knowledge

A firewall filter can also be thought of as a “router guard” against excessive traffic sent to the router, whether that traffic is directed to a network or to the Routing Engine. A firewall filter can also protect the router from external incidents such as Denial of Service (DoS) attacks.

Question:
On which router should it be configured?

Answer:
The firewall filter is configured on the router that is the destination of the ping packets. In the case above, the ping packets are destined for Router Jakarta, so the firewall statement is configured on Router Jakarta.

Firewall Filter


Router Configuration

- Logical Router Jakarta -
set logical-routers Jakarta interfaces em0 unit 0 vlan-id 10
set logical-routers Jakarta interfaces em0 unit 0 family inet filter input Block
set logical-routers Jakarta interfaces em0 unit 0 family inet address 12.12.12.1/24

- Logical Router Cirebon -
set logical-routers Cirebon interfaces em1 unit 0 vlan-id 10
set logical-routers Cirebon interfaces em1 unit 0 family inet address 12.12.12.2/24
---------------------------------------------------------------------------------------

The firewall configuration is handled differently from the logical routers we configured above: because the firewall does not apply within a logical router, we configure it outside the “Logical Router” stanza. The command is therefore no longer “set logical-routers…” but simply “set firewall filter…”.
The configuration is as follows:

- Firewall Filter -
set firewall filter Block term ICMP from protocol icmp
set firewall filter Block term ICMP then reject
---------------------------------------------------------------------------------------
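
A fuller variant of the filter, as an added example that is not part of the original post: a Junos filter ends with an implicit discard, so the single-term Block filter also drops every non-ICMP packet arriving on em0, and rejecting all ICMP also removes the unreachable and time-exceeded messages that path MTU discovery and traceroute rely on. The term, counter and policer names and the 1m/15k policer values are assumptions chosen for illustration.

```junos
# Annotation lines start with "#"; leave them out when pasting into the CLI.
# All term, counter and policer names below are hypothetical.

# Replace the original catch-all ICMP term.
delete firewall filter Block term ICMP

# Policer for the ICMP that is still allowed (values are illustrative).
set firewall policer ICMP-LIMIT if-exceeding bandwidth-limit 1m
set firewall policer ICMP-LIMIT if-exceeding burst-size-limit 15k
set firewall policer ICMP-LIMIT then discard

# 1. Reject only echo requests (ping) and count every hit.
set firewall filter Block term ICMP-ECHO from protocol icmp
set firewall filter Block term ICMP-ECHO from icmp-type echo-request
set firewall filter Block term ICMP-ECHO then count icmp-echo-rejected
set firewall filter Block term ICMP-ECHO then reject

# 2. Accept the remaining ICMP (unreachable, time-exceeded, ...), rate-limited.
set firewall filter Block term ICMP-OTHER from protocol icmp
set firewall filter Block term ICMP-OTHER then policer ICMP-LIMIT
set firewall filter Block term ICMP-OTHER then accept

# 3. Accept everything else; without this term the implicit discard drops it.
set firewall filter Block term ALLOW-REST then accept
```

After committing, `run show firewall filter Block` lists the icmp-echo-rejected counter, which should increase with each rejected ping from Cirebon.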
 


Verification

- Ping Test -
[edit]
barly# run ping 12.12.12.1 logical-router Cirebon
PING 12.12.12.1 (12.12.12.1): 56 data bytes
36 bytes from 12.12.12.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 7d9d 0 0000 40 01 ccf1 12.12.12.2 12.12.12.1
36 bytes from 12.12.12.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 7d9f 0 0000 40 01 ccef 12.12.12.2 12.12.12.1
36 bytes from 12.12.12.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 7da1 0 0000 40 01 cced 12.12.12.2 12.12.12.1
36 bytes from 12.12.12.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 7da3 0 0000 40 01 cceb 12.12.12.2 12.12.12.1
36 bytes from 12.12.12.1: Communication prohibited by filter
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 0054 7da5 0 0000 40 01 cce9 12.12.12.2 12.12.12.1
^C
--- 12.12.12.1 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
---------------------------------------------------------------------------------------


Running Configuration
Firewall Filter


Responses

  1. Very helpful… thank you 🙂

  2. @ RZnet :
    You're welcome, thank you for visiting

