SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Network not advertising after policy put in place

     
    Posted 02-23-2018 01:10

    Hi,

     

    I have probably missed something simple here. 

    I have a network attached to port ge-0/0/8 and have placed a static route pointing to the port for the network. I have also placed this in ISIS as per other devices off ports that work and have created a policy. But, it is advertising to the default which then loops from one core to the other (due to the iBGP route)... it should be being advertised correctly.... here is the config:

     

    set routing-instances netopstest2 instance-type virtual-router
    set routing-instances netopstest2 interface lt-0/0/0.9
    set routing-instances netopstest2 interface ge-0/0/8.0
    set routing-instances netopstest2 interface lo0.50
    set routing-instances netopstest2 protocols isis export export_statics
    set routing-instances netopstest2 protocols isis level 1 authentication-key "$9$KZDvxd2gJDHmaZmTF/0OSrevX7dbs4JG"
    set routing-instances netopstest2 protocols isis level 1 authentication-type md5
    set routing-instances netopstest2 protocols isis level 2 authentication-key "$9$g54UHf5F/A0z30Ihr8Lbs24GDHqmTFn"
    set routing-instances netopstest2 protocols isis level 2 authentication-type md5
    set routing-instances netopstest2 protocols isis interface lt-0/0/0.9
    set routing-instances netopstest2 protocols isis interface ge-0/0/8.0
    set routing-instances netopstest2 protocols isis interface lo0.50

     

    set routing-options static route 192.168.10.0/24 next-hop 192.168.10.210

    set policy-options policy-statement export_statics term 1 from protocol static
    set policy-options policy-statement export_statics term 1 then accept

     

    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match source-address any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match destination-address any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve match application any
    set security policies from-zone Customer-Network to-zone Customer-Network policy Steve then permit

    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match source-address any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match destination-address any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest match application any
    set security policies from-zone Customer-Network to-zone netopstest2 policy netopstest then permit
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match source-address any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match destination-address any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 match application any
    set security policies from-zone netopstest2 to-zone netopstest2 policy netopstest_1 then permit

     

    If anything else is required then please let me know....

     

     

     



  • 2.  RE: Network not advertising after policy put in place

     
    Posted 02-23-2018 01:19

    Apologies. I missed the return, but I have added that, as shown below, and it has made no difference:

     

    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match source-address any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match destination-address any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 match application any
    set security policies from-zone netopstest2 to-zone Customer-Network policy netopstest_1 then permit

     

     

     



  • 3.  RE: Network not advertising after policy put in place
    Best Answer

     
    Posted 02-23-2018 01:22

    I cannot delete the post. I remember this from before, please ignore....

     

     

    The port shows as "Down"..... that's why.....

     

    Sorry I cannot delete this post.... My fault