SRX Services Gateway
Showing results for 
Search instead for 
Do you mean 
Regular Visitor
Posts: 7
Registered: ‎08-31-2009
0 Kudos
Accepted Solution

Term reordering bug?

Is it just me or does term re-ordering not work?


A couple of weeks ago I had to re-order security policies. Using "insert policy X before Y" a policy (X) added later should have been moved before an earlier one (Y). Although this seemed to be performed without errors, the resulting behavior was not the anticipated one. I had to manually delete the whole policy list and re-create the policies in the correct order!


I now witness the same thing happening to NAT rules. I had a general one, wanted to add a more specific one, wrote it and moved it to the beginning. "show configuration" displays them as intended, but "show security nat source summary" displays the new rule at the end. And it doesn't get applied (obviously masked by the more general one).


Am I just seeing things, or is it a know problem?

And is the only solution to delete everything and re-create it all in the correct order?

(wow, it brought back bitter memories of old Cisco access list editing, where you had to do it "off-line")


Model: srx240-hm
JUNOS Software Release [9.5R1.8] (Export edition)

Distinguished Expert
Posts: 1,127
Registered: ‎01-10-2008
0 Kudos

Re: Term reordering bug?

I asume you didn't forget to commit the change?!  In that case I would try to upgrade to 10 1 as a starter.

best regards,

Juniper Ambassador,

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Distinguished Expert
Posts: 755
Registered: ‎11-06-2007
0 Kudos

Re: Term reordering bug?

There is known issue with insert function not working properly with NAT rules. This should be resolved in 10.0R2 which just released couple days ago. Will also be fixed in upcoming 9.6R3 release.



Posts: 25
Registered: ‎02-03-2011
0 Kudos

Re: Term reordering bug?

I am having this same issue running 10.4R1.9 on a SRX100


Guessing its not fixed yet?