SRX Services Gateway
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
jeniferdcosta
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
0
Accepted Solution

SRX 10.4

Options

‎03-15-2012 02:51 PM

Hello,

 

When i add a static route through CLI  they are added sussessfully but they are not displayed in WEB interface.??? I hope it is bug for the version but i searched in the release notes for 10.4 SRX gateways there is no such information for this type of issue.

 

Another issue i m facing is  when i add a source address in source NAT i can't add more than 8 IP's i have such situation  that i have to add 20 HOST in the source addresses to a particular destination then only source NAT with the pool specified,

 

Please answer my 2 questions

Message 1 of 16 (872 Views)
 
Reply
Super Contributor
AdamLin
Posts: 166
Registered: ‎08-02-2010

Re: SRX 10.4

Options

‎03-16-2012 01:07 AM

No clue about web interface, regarding source nat, if your rule is filled with those 8 ip's, just create an identical rule in the same rule-set, which matches another 8 source ip's.
Regards,
Adam

(if my post helped solve your problem, mark it as accepted solution)
Message 2 of 16 (857 Views)
 
Reply
jeniferdcosta
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
0

Re: SRX 10.4

Options

‎03-16-2012 03:23 PM

Hello Experts,

 

Anybody can help me for the static route issues, mentioned above

Message 3 of 16 (831 Views)
 
Reply
vinayk
Contributor
vinayk
Posts: 31
Registered: ‎05-31-2010

Re: SRX 10.4

Options

‎03-18-2012 10:44 PM

>>>When i add a static route through CLI  they are added sussessfully but they are not displayed in WEB interface.???

Try refreshing the Routing >static routing page by click on the same tab or by moving to different tab. Basically, changes done from cli are not picked up in UI if you are in same page without refresh.

 

Message 4 of 16 (806 Views)
 
Reply
vinayk
Contributor
vinayk
Posts: 31
Registered: ‎05-31-2010
0

Re: SRX 10.4

Options

‎03-18-2012 11:18 PM

#Q2

I am able to add source address more than 8 using Web, can you please share the snapshot and the junos version to that i can help you.

Message 5 of 16 (802 Views)
 
Reply
jeniferdcosta
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
0

Re: SRX 10.4

[ Edited ]
Options

‎03-19-2012 11:45 PM - edited ‎03-19-2012 11:48 PM

 

 

I tried refreshing the page and also i move to another page and i came to routing TAB but it doesnt show's me the static route

 

And my versionis 10.4, my question is that if i add more than 8 Nos of IP's in source NAT as a source address it does'nt accepts.

And also Adam in above thread gave me solution that  create the identical rule in the same rule-set  that is OK but the SRX wont accepts same rule name i have to create  rule with different name.

Message 6 of 16 (784 Views)
 
Reply
Distinguished Expert
Distinguished Expert
MMcD
Posts: 513
Registered: ‎07-20-2010
0

Re: SRX 10.4

Options

‎03-20-2012 09:26 AM

With 10.2 release there is a new implementation whereby Juniper no longer limit the number of rules per rule-set and instead provide platform wide limitation of rules.

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB14149&smlogin=true

MMcD [JNCIS-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Message 7 of 16 (775 Views)
 
Reply
jeniferdcosta
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
0

Re: SRX 10.4

[ Edited ]
Options

‎03-22-2012 08:28 AM - edited ‎03-22-2012 08:40 AM

Nice to see ur reply,

 

From My 2 question 1 question is solved automatically,

 

  • Static routes are seen in GUI when they were added by CLI.

 

For my 2nd question:

 

  • I have not mentioned that i have reached to the limit of rule-set or rule, what i m trying to explore is that when i add more than 8 subnet in source addresses or destination address of source NAT rule it gives me error that more than 8 subnets are exceeded.

 

Is it default behaviour of SRX 10.4 OS or there is any commands that after executing it will allow me to add more than 8 subnets

Message 8 of 16 (752 Views)
 
Reply
Distinguished Expert
Distinguished Expert
MMcD
Posts: 513
Registered: ‎07-20-2010

Re: SRX 10.4

Options

‎03-22-2012 09:11 AM

Hi there,

 

This has been default behaviour for a while.  I tested it out on 11.1 R4.4 and found the same issue:

 

pool limit-test {
    ##
    ## Warning: number of elements exceeds limit of 8
    ##
    address {
        10.0.0.0/24;
        10.0.1.0/24;
        10.0.2.0/24;
        10.0.3.0/24;
        10.0.4.0/24;
        10.0.5.0/24;
        10.0.6.0/24;
        10.0.7.0/24;
        10.0.8.0/24;
        10.0.9.0/24;
    }
}

 

What situation would you need such a wide variety of addressing in a Source NAT or Destination NAT pool?  You can split it up by using rule-sets to match on the From address range and NAT according to a pool of 8 address ranges.

 

MMcD [JNCIS-SEC, CCNA, MCP]
____________________________________________________

[Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too]
Message 9 of 16 (746 Views)
 
Reply
jeniferdcosta
Contributor
jeniferdcosta
Posts: 92
Registered: ‎07-25-2010
0

Re: SRX 10.4

Options

‎03-22-2012 10:50 AM

Hello,

 

I faced a situation that there are different PC more than 8 which are going to extranet by the same ip pool.

 

BUT i did nt understood ur below line??

 

You can split it up by using rule-sets to match on the From address range and NAT according to a pool of 8 address ranges.

Message 10 of 16 (740 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.