Screen OS

This is a legacy community with limited Juniper monitoring.
  • 1.  Inclusion of interface in route statement

    Posted 09-18-2012 11:23

    Given something like:

     

    unset flow reverse-route clear-text
    set interface "ethernet0/0" zone "Trust" 
    set interface ethernet0/0 ip 192.168.1.1/24 
    set interface ethernet0/0 nat 
    set interface ethernet0/0 ip manageable 
    set interface ethernet0/3 zone untrust 
    set interface ethernet0/2 ip 10.0.0.1/24 
    set interface ethernet0/3 ip 10.0.1.1/24 
    set interface ethernet0/2 mip 10.0.0.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr
    set interface ethernet0/3 mip 10.0.1.10 host 192.168.1.10 netmask 255.255.255.255 vr trust-vr

     

    is there a difference between:

     

    set route 0.0.0.0/0 gateway 10.0.0.254
    set route 0.0.0.0/0 gateway 10.0.1.254

     

    and:

     

    set route 0.0.0.0/0 interface ethernet0/0 gateway 10.0.0.254
    set route 0.0.0.0/0 interface ethernet0/1 gateway 10.0.1.254

     ...i.e., is there a point to including the "interface" specifier in the route command?

     



  • 2.  RE: Inclusion of interface in route statement
    Best Answer

     
    Posted 09-18-2012 22:10

    The routes without an interface are called gateway tracking routes. For these routes the firewall will do a recursive route lookup.

    Such routes take the best exit interface.

    These gateway tracking routes are not synced in NSRP and you have to manually define them on both the peers.
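
A simplified model of the recursive lookup described in the answer above, added here as an example; it is not code from the thread or from ScreenOS. It assumes only the connected networks implied by the interface addresses in the question, and the function names are hypothetical.

```python
import ipaddress

# Interface addresses copied from the configuration in the question.
INTERFACES = {
    "ethernet0/0": "192.168.1.1/24",
    "ethernet0/2": "10.0.0.1/24",
    "ethernet0/3": "10.0.1.1/24",
}


def connected_routes(interfaces, down=()):
    """Return (network, interface) pairs for every interface that is up."""
    return [
        (ipaddress.ip_interface(addr).network, name)
        for name, addr in interfaces.items()
        if name not in down
    ]


def resolve_exit_interface(gateway, routes):
    """Recursive lookup: longest-prefix match of the gateway address
    against the connected routes. Returns the interface name or None."""
    gw = ipaddress.ip_address(gateway)
    matches = [(net.prefixlen, name) for net, name in routes if gw in net]
    if not matches:
        return None  # gateway not reachable through any connected network
    return max(matches)[1]


def check_static_route(gateway, routes, interface=None):
    """Describe how a static route resolves in this model (assumption:
    a gateway-only route is usable only while its gateway resolves)."""
    resolved = resolve_exit_interface(gateway, routes)
    if resolved is None:
        return "inactive: gateway not reachable"
    if interface is None:
        return f"gateway-only: exits via {resolved}"
    if interface != resolved:
        return f"mismatch: gateway is on {resolved}, not {interface}"
    return f"pinned to {interface}"


if __name__ == "__main__":
    routes = connected_routes(INTERFACES)
    for gw in ("10.0.0.254", "10.0.1.254"):
        print(gw, "->", check_static_route(gw, routes))
```

In this model, a gateway-only route follows whichever connected network currently contains the gateway, while a route with an explicit interface can be compared against that result before it is committed to both NSRP peers.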