Screen OS


This is a legacy community with limited Juniper monitoring.
  • 1.  SSG-550M how to set access-list via CLI

    Posted 01-13-2014 05:10

    Hello guys,

     

    I would like to configure Policy Based Routing using Access Lists.

     

    It works for me when done via GUI but it doesn't recognise the command when in CLI (see attached).

     

    I cannot see the access-list command available when I issue set ?

     

     

    Thanks for any help.



  • 2.  RE: SSG-550M how to set access-list via CLI
    Best Answer

     
    Posted 01-13-2014 05:52

    Hello.

     

    We need to first specify the vrouter context:

     

        set vrouter trust-vr access-list ....

     

     

    Regards,

    Sam



  • 3.  RE: SSG-550M how to set access-list via CLI

    Posted 01-13-2014 06:13

    Hi Sam,

     

    Thanks for your answer, that worked.

     

    Is there any reason why I can't see this (vrouter trust-vr) in my firewall cfg.txt file??

     

    And what does that actually mean?

     

     

     

    Regards,

    Dom



  • 4.  RE: SSG-550M how to set access-list via CLI

     
    Posted 01-13-2014 08:19

    Hello Dom.

     

    By default, all zones/interfaces are part of the default "trust-vr" virtual router.

     

    If you configure a static route, by default, it's configured as part of the "trust-vr"... i.e.  "set route 1.1.1.1/32..."

     

    If we do a "get config", near the bottom, you should see a reference to "set vrouter "trust-vr"" and the configs related to trust-vr right below that.

     

    Alternatively, type:

     - set vrouter trust-vr

     - get config

     

    This will list the config tied to trust-vr.

     

    Hope this helps.

     

    Regards,

    Sam

     



  • 5.  RE: SSG-550M how to set access-list via CLI

    Posted 01-13-2014 06:55

        set vrouter "trust-vr"
        set access-list 50
        set access-list 50 permit ip 1.1.1.1/32 1
        set route-map name "DIR-OSPF" permit 1
        set match ip 50
        set redistribute route-map "DIR-OSPF" protocol connected

     

    This will redistribute 1.1.1.1/32 into OSPF; you may tailor this according to your requirements.

     

     

     

    Please mark this as accepted solution if it works for you

    A kudos is a good way of appreciation

     

    Kashif Nawaz

    JNCIP-Sec ,JNCIP-Ent

    JNCIS-Ent, JNCIS-Sec

    JNCIA-Junos
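
An added example, not part of the thread and not Juniper tooling: a small pre-flight check for a ScreenOS command script that tracks the vrouter context discussed above and reports access-list commands that would be typed at the root prompt. The sample script is constructed, and the `exit` handling and the nested route-map context are assumptions about how contexts are closed.

```python
import re
# Constructed command script modelled on the thread (not from a real device).
SAMPLE = '''\
set vrouter trust-vr access-list 60 permit ip 2.2.2.2/32 1
set vrouter "trust-vr"
set access-list 50 permit ip 1.1.1.1/32 1
set route-map name "DIR-OSPF" permit 1
set match ip 50
exit
exit
set access-list 50 permit ip 1.1.1.1/32 1
'''

VR = re.compile(r'^set vrouter "?([^"\s]+)"?(?: (\S.*))?$')
# Assumption: a route-map opens a nested context that needs its own "exit".
SUB_OPENERS = ("set route-map name ",)
VR_ONLY = ("set access-list ",)  # per the thread, not recognised at the root

def split_contexts(text):
    """Return (line_no, vrouter_or_None, command) for every command line."""
    out, vrouter, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = VR.match(line)
        if vrouter is None and m and m.group(2) is None:
            vrouter, depth = m.group(1), 1          # entered a vrouter context
        elif vrouter is None and m:
            out.append((no, m.group(1), "set " + m.group(2)))  # one-line form
        elif vrouter is not None and line == "exit":
            depth -= 1
            vrouter = vrouter if depth else None    # last exit returns to root
        elif line:
            if vrouter is not None and line.startswith(SUB_OPENERS):
                depth += 1
            out.append((no, vrouter, line))
    return out

def misplaced(text):
    """Vrouter-only commands that would be typed at the root prompt."""
    return [(no, cmd) for no, vr, cmd in split_contexts(text)
            if vr is None and cmd.startswith(VR_ONLY)]

def acls_by_vrouter(text):
    """Map each vrouter to the access-list commands entered in its context."""
    result = {}
    for _, vr, cmd in split_contexts(text):
        if vr is not None and cmd.startswith(VR_ONLY):
            result.setdefault(vr, []).append(cmd)
    return result
```

On the sample, `misplaced(SAMPLE)` flags line 8, which is typed after both `exit` lines have returned to the root context.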