SRX Services Gateway
Reply
Visitor
obeytrison
Posts: 7
Registered: ‎12-13-2009
0

IPv6 traffic through clustered SRX-650

Hello,

 

I'm currently setting up Native IPv6 within my company network. So fare we have OSPF3 running on the whole backbone and entry network correctly, the routes are correctly sent to the different devices. We can ping each devices between them.

 

But when I try to ping from an internal router my external router accross the firewall (SRX-650 in cluster), I don't get any answer.

 

Some informations :

JUNOS Version : 10.4R6.5

security forwarding-options family inet6 mode flow-based

the following policy rule is in place :

 

from-zone trust to-zone untrust

policy 662 {
    match {
        source-address any-ipv6;
        destination-address any-ipv6;
        application any;
    }
    then {
        permit;
        log {
            session-init;
        }
    }
}

 

from-zone untrust to-zone trust

policy 663 {
    match {
        source-address any-ipv6;
        destination-address any-ipv6;
        application any;
    }
    then {
        deny;
        log {
            session-init;
        }
    }
}

 

Is there something more to do that I have omitted ?

 

Regards,

Visitor
obeytrison
Posts: 7
Registered: ‎12-13-2009
0

Re: IPv6 traffic through clustered SRX-650

Well, now it's working, after moving the IPv6 Rules on top of the policy. Weird but at least it works :smileywink:

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.