SRX Services Gateway
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
Accepted Solution

SRX 10.4

Hello,

When I add a static route through the CLI, it is added successfully but it is not displayed in the web interface. I hope it is a bug in this version, but I searched the release notes for 10.4 SRX gateways and there is no such information for this type of issue.

Another issue I am facing is that when I add a source address in source NAT, I can't add more than 8 IPs. I have a situation where I have to add 20 hosts in the source addresses, to a particular destination, and then only source NAT with the pool specified.

Please answer my 2 questions.

Super Contributor
AdamLin
Posts: 167
Registered: ‎08-02-2010

Re: SRX 10.4

No clue about the web interface. Regarding source NAT, if your rule is filled with those 8 IPs, just create an identical rule in the same rule-set which matches another 8 source IPs.
Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010

Re: SRX 10.4

Hello Experts,

Can anybody help me with the static route issue mentioned above?

Contributor
vinayk
Posts: 31
Registered: ‎05-31-2010

Re: SRX 10.4

>>>When I add a static route through CLI they are added successfully but they are not displayed in WEB interface.

Try refreshing the Routing > Static Routing page by clicking on the same tab or by moving to a different tab. Basically, changes done from the CLI are not picked up in the UI if you stay on the same page without a refresh.

Contributor
vinayk
Posts: 31
Registered: ‎05-31-2010

Re: SRX 10.4

#Q2

I am able to add more than 8 source addresses using the web interface. Can you please share the snapshot and the Junos version so that I can help you?

Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010

Re: SRX 10.4


I tried refreshing the page, and I also moved to another page and came to the Routing tab, but it doesn't show me the static route.

And my version is 10.4. My question is that if I add more than 8 IPs in source NAT as a source address, it doesn't accept them.

Also, Adam in the above thread gave me the solution to create an identical rule in the same rule-set. That is OK, but the SRX won't accept the same rule name; I have to create a rule with a different name.

Distinguished Expert
MMcD
Posts: 630
Registered: ‎07-20-2010

Re: SRX 10.4

With the 10.2 release there is a new implementation whereby Juniper no longer limits the number of rules per rule-set and instead provides a platform-wide limit on rules.

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14149&smlogin=true

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010

Re: SRX 10.4


Nice to see your reply.

Of my 2 questions, 1 question is solved automatically:

  • Static routes are seen in the GUI when they were added by CLI.

For my 2nd question:

  • I have not mentioned that I have reached the limit of rule-sets or rules. What I am trying to explore is that when I add more than 8 subnets in the source addresses or destination addresses of a source NAT rule, it gives me an error that more than 8 subnets are exceeded.

Is it the default behaviour of SRX 10.4 OS, or is there any command that, after executing it, will allow me to add more than 8 subnets?

Distinguished Expert
MMcD
Posts: 630
Registered: ‎07-20-2010

Re: SRX 10.4

Hi there,

This has been default behaviour for a while. I tested it out on 11.1 R4.4 and found the same issue:

pool limit-test {
    ##
    ## Warning: number of elements exceeds limit of 8
    ##
    address {
        10.0.0.0/24;
        10.0.1.0/24;
        10.0.2.0/24;
        10.0.3.0/24;
        10.0.4.0/24;
        10.0.5.0/24;
        10.0.6.0/24;
        10.0.7.0/24;
        10.0.8.0/24;
        10.0.9.0/24;
    }
}

 

In what situation would you need such a wide variety of addressing in a Source NAT or Destination NAT pool? You can split it up by using rule-sets to match on the From address range and NAT according to a pool of 8 address ranges.

MMcD [JNCIP-SEC, JNCIS-ENT, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010

Re: SRX 10.4

Hello,

I faced a situation where there are more than 8 different PCs which are going to the extranet by the same IP pool.

But I did not understand your line below:


You can split it up by using rule-sets to match on the From address range and NAT according to a pool of 8 address ranges.
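
The split suggested above by AdamLin and MMcD, as an added example that is not part of the original thread: a Python sketch that spreads a host list over several differently named rules in one source NAT rule-set, with at most 8 source addresses per rule, all pointing at the same pool. The rule-set, zone and pool names and all addresses are constructed assumptions; the limit of 8 is the one reported in this thread.

```python
import ipaddress

MAX_PER_RULE = 8  # per-rule address limit reported in this thread


def build_source_nat(hosts, rule_set, from_zone, to_zone, destination, pool):
    """Return Junos set commands that spread `hosts` over several rules
    of one rule-set, each with at most MAX_PER_RULE source addresses."""
    # Validate every entry (ValueError on bad input), normalise bare hosts
    # to /32 and drop duplicates while keeping the input order.
    nets = list(dict.fromkeys(
        ipaddress.ip_network(h, strict=False) for h in hosts))
    dest = ipaddress.ip_network(destination, strict=False)

    base = f"set security nat source rule-set {rule_set}"
    cmds = [f"{base} from zone {from_zone}", f"{base} to zone {to_zone}"]

    for i in range(0, len(nets), MAX_PER_RULE):
        # Each rule needs its own name inside the rule-set.
        rule = f"{base} rule {rule_set}-{i // MAX_PER_RULE + 1}"
        for net in nets[i:i + MAX_PER_RULE]:
            cmds.append(f"{rule} match source-address {net}")
        cmds.append(f"{rule} match destination-address {dest}")
        cmds.append(f"{rule} then source-nat pool {pool}")
    return cmds


# Constructed sample input: 20 hosts that must share one NAT pool.
HOSTS = [f"192.0.2.{n}" for n in range(10, 30)]

if __name__ == "__main__":
    # All names below are hypothetical placeholders.
    print("\n".join(build_source_nat(
        HOSTS, "extranet", "trust", "untrust",
        "198.51.100.0/24", "extranet-pool")))
```

For 20 hosts this produces three rules (8, 8 and 4 source addresses) that all translate to the same pool.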
