Hello,
Our external interface is configured for ip 198.27.134.230/28
ge-0/0/0 {
unit 0 {
family inet {
address 198.27.134.230/28;
}
}
}
I'm trying to ping our external interface. When I try to whitelist my external IP, as follows
filter ICMP_Whitelist {
term term_1 {
from {
source-address {
0.0.0.0/0;
}
destination-address {
198.27.134.230/28;
}
protocol icmp;
}
then accept;
}
term term_2 {
then accept;
}
}
I get the error message
'198.27.134.230/28' has non-zero bits where bits in mask are zero
My Juniper is happy if I give it 198.27.134.230/32 instead, which makes sense in terms of the error message.
However, why do I get this error message at all for setting firewall filers, especially when I don't get this error message for setting my external IP address to an interface?
I apologize if this is a basic question.
Thank you,