SRX

last person joined: 6 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Different security zones In routeing instance

    Posted 08-19-2013 19:46

    I have multiple ASes in routing instance.

    Part of  those ASes are external and part are not.

     

    I need to apply different security policy to external and interlal interfaces

     

     

    'interfaces ge-0/0/1.0'
Interface ge-0/0/1.0 must be in the same routing instance as other interfaces in the zone
error: configuration check-out failed

     

     

    Why SRX can`t  put interface to different  security zones?

     

    TNX



  • 2.  RE: Different security zones In routeing instance
    Best Answer

    Posted 08-20-2013 02:33

    Hi mistiq,

     

    You can place interfaces in differnet zones in a routing instance, but what you can't do is have interfaces in different routing-instances in the same zone - eg: you can't have an interface from routing-instance A in zone Trust and an interfaces from routing-instance B in zone Trust.

     

    Just add distinct zones for each (eg: Trust-VR-A, Trust-VR-B) and create your policies accordingly.