SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Remove address-book from group address

    Posted 02-24-2016 07:23

    Hi 

     

    I am new in SRX and want to know how to remove address-book from group-address.

    Let's say, i have "SERVER" group and there is two entry. 

    I want to remove 10.10.150.60 from this "SERVER" group address, what will be best way to remove?

     

    set security zones security-zone tunnel address-book address 10.10.10.60 10.10.10.60/32

    set security zones security-zone tunnel address-book address 10.10.10.62 10.10.10.62/32


    set security zones security-zone tunnel address-book address-set SERVER address 10.10.10.60
    set security zones security-zone tunnel address-book address-set SERVER address 10.10.10.62

     

    Thanks,

     



  • 2.  RE: Remove address-book from group address
    Best Answer

     
    Posted 02-24-2016 08:29

    Hello,

     

    The below command should do it:

     

    delete security zones security-zone tunnel address-book address-set SERVER address 10.10.10.60

     

    Regards,

     

    Rushi



  • 3.  RE: Remove address-book from group address

    Posted 02-25-2016 15:26

    Thank you RTILAK!!

     

     



  • 4.  RE: Remove address-book from group address

    Posted 12-29-2016 13:42

    I cannot seem to remove an adress book entry from my SRX220. I use the Gui and the change won't commit. So It try from the CLI. My Config is thus (without x's):

     

    security-zone Internet {
    address-book {
    address Dave_home 70.x.x.x/32;

     

    I want to remove Dave, been using:

     

    delete security zones security-zone internet address-book address-set address Dave_home 70.x.x.x/32

     

    Router comes back "No entry exists". I have others in there to delete as well. Same issue on them. I've even just tried on the address 70.x.x.x

     

     



  • 5.  RE: Remove address-book from group address

    Posted 12-29-2016 14:00

    Hi Scott,

     

    basically you are mixing up address book entries and address-sets (groups).

     

    Your command "delete security zones security-zone internet address-book address-set address Dave_home 70.x.x.x/32" tries to delete an address name 'Dave_home' within an address-set names 'address'.

     

    The correct command should be:

     

    delete security zones security-zone internet address-book address Dave_home

     

    I hope this solves your issue.



  • 6.  RE: Remove address-book from group address

    Posted 12-30-2016 08:03

    Hi Jonas! Happy New Year to you sir!

     

    Well I finally got it to work. Two things -

    First I had to delete the Policy associated with Dave_home.  Then using your given command I was able to delete the address book entry- My issue was that I had a lower case "i" for Internet - that's why it wasn't found. 🙂 But after I corrected that, it would'nt take the commit because the Policy for Dave_home was squaking that it didn't have an address for Dave.!

     

    So, I got the Policy out first, commited that, then went into the address book as noted. With a captial "I" for internet.

     

    Thank you so much!

    Scott