zone not recognized by Security Director policies configuration
I'm preparing a zone migration for an SRX cluster, and I have created a bogus zone using JSD (confirmed via CLI) in order to configure the corresponding security policies.
When I tried to push the security policy configuration, I got an error stating the following:
[Error] Error while converting rule: "bogusZone" of Policy: "FWDevice". Error message: Error while converting rule: "SecPolicy#001 of Policy: "FWDevice". Error message: Zone [ "bogusZone" ] does not exist in device; please check cluster members to confirm if zone is present in all members.
I made sure both members have the zone configured, so I believe that is ruled out.
Re: zone not recognized by Security Director policies configuration
The cluster was "up", but one of the devices was unreachable, as it was planned to be that way (only primary fxp reachable).
Apparently JSD requires both members of the cluster to be reachable to push and synchronize the configuration that is not for a policy.
I ended up deleting the unreachable member and updating the configuration; I will have to add it back once we get a stable configuration.
To summarize, we had a cluster with one member active and another unreachable. JSD allows policies to be configured, but for any other configuration, even when it gets updated on the cluster, it keeps thinking it's only updated on the active device; I suppose we can consider this a bug.