Visitor
lmlog
Posts: 1
Registered: 11-06-2009

Adding a loopback interface into the functional-zone 'management' with JunOS flow-mode


I'm not sure what I'm trying to do is possible (or even sensible) in JunOS (flow-mode 9.5 on a J-series), but the CLI does not prevent me from doing it.

 

If I add a logical interface to the functional-zone 'management', I can access my device through this interface's address (providing I've permitted the necessary system-services).

But if I add a loopback interface to the functional-zone 'management', I can't access the device with the loopback interface address.

 

security {
    zones {
        functional-zone management {
            interfaces {
                lo0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}

 

 

The only way I found to access my loopback interface was to add it to a security-zone (like Trust) and create a policy to allow traffic to the loopback interface address.

 

Am I missing something? And why does JunOS allow you to put a loopback interface into the functional-zone management if it doesn't work like a logical interface?

 

Regards,

 

LM
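
A config-audit sketch for the situation described in the post above, added here as an example and not part of the original post: it parses brace-style Junos configuration and lists any lo0 units bound to functional-zone management, the placement the poster reports could not be reached at the loopback address. The SAMPLE text, its ge-0/0/0.0 entry and the function names are constructed for illustration.

```python
import re

# Constructed sample: the lo0.0 stanza from the post plus a hypothetical ge-0/0/0.0 entry.
SAMPLE = """
security { zones { functional-zone management { interfaces {
    ge-0/0/0.0 { host-inbound-traffic { system-services { ssh; } } }
    lo0.0 { host-inbound-traffic { system-services { all; } protocols { all; } } }
} } } }
"""

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    root = {}
    stack, pending = [root], None
    for tok in re.findall(r"[{};]|[^{};]+", text):
        if tok == "{":
            if pending is None:
                raise ValueError("'{' without a statement name")
            stack.append(stack[-1].setdefault(pending, {}))
            pending = None
        elif tok == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced '}'")
            stack.pop()
        elif tok == ";":
            stack[-1][pending] = None
            pending = None
        elif tok.strip():
            pending = " ".join(tok.split())  # normalise internal whitespace
    if len(stack) != 1:
        raise ValueError("unclosed '{'")
    return root

def loopbacks_in_management_zone(cfg):
    """Return {interface: [system-services]} for lo0 units in functional-zone management."""
    zone = cfg.get("security", {}).get("zones", {}).get("functional-zone management", {})
    found = {}
    for ifname, body in (zone.get("interfaces") or {}).items():
        if ifname.startswith("lo0"):
            hit = (body or {}).get("host-inbound-traffic") or {}
            found[ifname] = sorted(hit.get("system-services") or {})
    return found

if __name__ == "__main__":
    for ifname, services in loopbacks_in_management_zone(parse(SAMPLE)).items():
        print(f"{ifname} is in functional-zone management (system-services: {services})")
```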