That is true, there is no option to tag an fxp into a routing-instance other than the default routing-instance. You can restrict the users with different privileges while using the Out-of-Band Management ON NECESSITY.
The router should not be configured to route traffic from network and services interfaces over fxp0.
-Python JNCIE 3X [SP|DC|ENT] JNCIP-SEC JNCDS 3X [ WAN | DC|SEC] JNCIS-Cloud JNCIS-DevOps CCIP ITIL #Please mark my solution as accepted if it helped, Kudos are appreciated as well.
This functionality was finally added in Junos 18.3R1:
Management Ethernet interface (fxp0) is confined in a non-default virtual routing and forwarding table (SRX Series)—Starting in Junos OS Release 18.3R1, you can confine the management interface in a dedicated management instance by setting a new CLI configuration statement, management-instance, at the [edit system] hierarchy level. By doing so, operators will ensure that management traffic no longer has to share a routing table (that is, the default.inet.0 table) with other control or protocol traffic in the system. Instead, there is a mgmt_junos routing instance introduced for management traffic.
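The separation described in this thread can be checked offline against an exported `set`-format configuration. The sketch below is an added example, not code from the thread or from Juniper: the function name `audit_mgmt_instance`, the finding strings and the sample configurations (documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re

FXP0_ADDR = re.compile(r"^set interfaces fxp0 unit 0 family inet address (\S+)$")
STATIC = re.compile(r"^set (?:routing-instances (\S+) )?routing-options static route (\S+) next-hop (\S+)$")

def audit_mgmt_instance(config_text):
    """Return findings for a Junos configuration given in 'set' format."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    # Subnets configured on fxp0; a next-hop inside one of them leaves via fxp0.
    mgmt_nets = [ipaddress.ip_interface(m.group(1)).network
                 for m in map(FXP0_ADDR.match, lines) if m]
    enabled = "set system management-instance" in lines
    findings = []
    if not enabled:
        findings.append("management-instance not set: fxp0 shares inet.0")
    mgmt_has_route = False
    for m in filter(None, map(STATIC.match, lines)):
        instance, prefix, next_hop = m.groups()
        if instance == "mgmt_junos":
            mgmt_has_route = True
            continue
        try:
            nh = ipaddress.ip_address(next_hop)
        except ValueError:
            continue  # next-hop is an interface name, not an address
        if instance is None and any(nh in net for net in mgmt_nets):
            findings.append(f"default-instance route {prefix} uses fxp0 next-hop {next_hop}")
    if enabled and not mgmt_has_route:
        findings.append("mgmt_junos has no static route")
    return findings

# Constructed sample configurations (documentation address ranges).
BEFORE = """
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
"""
AFTER = """
set system management-instance
set interfaces fxp0 unit 0 family inet address 192.0.2.10/24
set routing-instances mgmt_junos routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-options static route 0.0.0.0/0 next-hop 198.51.100.1
"""

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_mgmt_instance(cfg))
```

The last check exists because static routes defined in the default instance do not carry over to `mgmt_junos`, so the management routes have to be recreated under that instance.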