
zone not recognized by Security Director policies configuration

‎09-25-2018 11:11 AM

Hi,

I'm preparing a zone migration for an SRX cluster, and I have created a bogus zone using JSD (confirmed via CLI) in order to configure the corresponding security policies.

When I tried to push the security policy configuration, I got an error stating the following:

 

[Error] Error while converting rule: "bogusZone" of Policy: "FWDevice". Error message: Error while converting rule: "SecPolicy#001 of Policy: "FWDevice". Error message: Zone [ "bogusZone" ] does not exist in device; please check cluster members to confirm if zone is present in all members.

 

I made sure both members have the zone configured, so I believe that is ruled out.

Any ideas?

Thanks,

Narkissus


Re: zone not recognized by Security Director policies configuration

‎09-25-2018 08:36 PM

Hi,

What was the status of your SRX from the JSD? This is under Configure > Firewall Policy > Devices.

What I can suggest is to first re-import the device to your JSD, then make sure it is synchronized.

Then do the policy config from the JSD and push it to the SRX cluster.

You can post the status here from your JSD. I'm using JSD 18.2R1... works well for me.

If this helps, thanks.

 

  


Re: zone not recognized by Security Director policies configuration

‎10-01-2018 07:53 AM

Hi,

The cluster was "up", but one of the devices was unreachable, as it was planned to be that way (only primary fxp reachable).

Apparently JSD requires both members of the cluster to be reachable to push and synchronize the configuration that is not for a policy.

I ended up deleting the unreachable member and updating the configuration; I will have to add it back once we get a stable configuration.

To summarize, we had a cluster with one member active and another unreachable. JSD allows configuring policies, but for any other configuration, even when it gets updated on the cluster, it keeps thinking it's only updated on the active device; I suppose we can consider this a bug.

Thanks,
