SRX Services Gateway
SRX Services Gateway

ScreenOS to SRX migration with Configuration Mapping

‎03-01-2017 04:09 AM

Hi,

 

I am doing migration of ScreenOS to SRX and get below commands, need to know similar commands for SRX or way to able to achieve by these commands.

 

  • set envar ipsec-dscp-mark=yes
  • set envar no-reroute-tunnel-physical=yes
  • set flow reverse-route tunnel always

 

Thanks

Atif.

1 REPLY 1
SRX Services Gateway

Re: ScreenOS to SRX migration with Configuration Mapping

‎03-01-2017 04:27 AM

Hello ,

 

For the following commands , 

 

 

  • set envar ipsec-dscp-mark=yes
  • set envar no-reroute-tunnel-physical=yes
  • set flow reverse-route tunnel always

They are set by default in SRX . No command needed to enable them .  But the change in SRX is that , during re-route lookup if there is no route present in SRX it will drop by default saying  " re-route failed " instead of sending back to the interface where it came from . Its same for IPSEC traffic also .

 

In SRX the re-route is checked by default " strictly " . We cannot turn it off


Thanks,
Sam

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....