SRX

I have noticed that since Junos added the global address book, it is now possible to define an address range rather than just a host or a network.

{primary:node1}[edit]
lab@node1-cen-fw1.doc1# show security address-book untrust                  
address host:62-232-224-45 62.232.224.45/32;
address range-1 {
    range-address 206.124.114.89 {
        to {
            206.124.114.200;
        }
    }
}

But when you refer to this within a security policy the commit fails.

{primary:node1}[edit]
lab@node1-cen-fw1.doc1# ...ls-centro to-zone untrust-centro policy p22              
match {
    source-address host:190-10-100-83;
    destination-address range-1;
    application [ junos-http junos-https ];
}
then {
    permit;
}

{primary:node1}[edit]
lab@node1-cen-fw1.doc1# commit       
[edit security policies from-zone mpls-centro to-zone untrust-centro]
  'policy p22'
    Destination address or address_set (range-1) is invalid for policy.
error: configuration check-out failed

What is the purpose of this new option if it can not be referred to within a policy?

I am running Junos 12.1X44-D45.2 on a SRX100.

Thanks for reading.

Hello ,

This address Range option is not supported in SRX device before 12.1X45-D10 . Its supported aftre 12.1X45-D10 .

Ref : http://kb.juniper.net/InfoCenter/index?page=content&id=KB26320&smlogin=true

Upgraded and commit accepted.

Thanks

Hello ,

Thanks for the update .  Glad that helped .