12-17-2009 05:06 AM
Is it just me or does term re-ordering not work?
A couple of weeks ago I had to re-order security policies. Using "insert policy X before Y" a policy (X) added later should have been moved before an earlier one (Y). Although this seemed to be performed without errors, the resulting behavior was not the anticipated one. I had to manually delete the whole policy list and re-create the policies in the correct order!
I now witness the same thing happening to NAT rules. I had a general one, wanted to add a more specific one, wrote it and moved it to the beginning. "show configuration" displays them as intended, but "show security nat source summary" displays the new rule at the end. And it doesn't get applied (obviously masked by the more general one).
Am I just seeing things, or is it a known problem?
And is the only solution to delete everything and re-create it all in the correct order?
(wow, it brought back bitter memories of old Cisco access list editing, where you had to do it "off-line")
JUNOS Software Release [9.5R1.8] (Export edition)
12-17-2009 01:47 PM
I assume you didn't forget to commit the change?! In that case I would try to upgrade to 10 1 as a starter.
12-17-2009 05:56 PM
There is a known issue with the insert function not working properly with NAT rules. This should be resolved in 10.0R2, which was just released a couple of days ago. It will also be fixed in the upcoming 9.6R3 release.