I have noticed that since Junos added the global address book, it is now possible to define an address range rather than just a host or a network.
{primary:node1}[edit]
lab@node1-cen-fw1.doc1# show security address-book untrust
address host:62-232-224-45 62.232.224.45/32;
address range-1 {
range-address 206.124.114.89 {
to {
206.124.114.200;
}
}
}
But when you refer to this within a security policy the commit fails.
{primary:node1}[edit]
lab@node1-cen-fw1.doc1# ...ls-centro to-zone untrust-centro policy p22
match {
source-address host:190-10-100-83;
destination-address range-1;
application [ junos-http junos-https ];
}
then {
permit;
}
{primary:node1}[edit]
lab@node1-cen-fw1.doc1# commit
[edit security policies from-zone mpls-centro to-zone untrust-centro]
'policy p22'
Destination address or address_set (range-1) is invalid for policy.
error: configuration check-out failed
What is the purpose of this new option if it can not be referred to within a policy?
I am running Junos 12.1X44-D45.2 on a SRX100.
Thanks for reading.