SRX Services Gateway
zvr
Regular Visitor
Posts: 7
Registered: ‎08-31-2009
0
Accepted Solution

Term reordering bug?

Is it just me or does term re-ordering not work?

 

A couple of weeks ago I had to re-order security policies. Using "insert policy X before Y" a policy (X) added later should have been moved before an earlier one (Y). Although this seemed to be performed without errors, the resulting behavior was not the anticipated one. I had to manually delete the whole policy list and re-create the policies in the correct order!

 

I now witness the same thing happening to NAT rules. I had a general one, wanted to add a more specific one, wrote it and moved it to the beginning. "show configuration" displays them as intended, but "show security nat source summary" displays the new rule at the end. And it doesn't get applied (obviously masked by the more general one).

 

Am I just seeing things, or is it a known problem?

And is the only solution to delete everything and re-create it all in the correct order?

(wow, it brought back bitter memories of old Cisco access list editing, where you had to do it "off-line")

 

Model: srx240-hm
JUNOS Software Release [9.5R1.8] (Export edition)

Distinguished Expert
Screenie
Posts: 1,081
Registered: ‎01-10-2008
0

Re: Term reordering bug?

I assume you didn't forget to commit the change?! In that case I would try to upgrade to 10 1 as a starter.

best regards,

Screenie.
Juniper Ambassador,
JNCIA IDP AC WX JNCIS FW SSL JNCIP SEC ENT SP JNCI

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007
0

Re: Term reordering bug?

There is a known issue with the insert function not working properly with NAT rules. This should be resolved in 10.0R2, which was just released a couple of days ago. It will also be fixed in the upcoming 9.6R3 release.

 

-Richard

Contributor
junostim
Posts: 25
Registered: ‎02-03-2011
0

Re: Term reordering bug?

I am having this same issue running 10.4R1.9 on an SRX100.

 

Guessing it's not fixed yet?
