Re: ScreenOS to SRX migration with Configuration Mapping
For the following commands ,
set envar ipsec-dscp-mark=yes
set envar no-reroute-tunnel-physical=yes
set flow reverse-route tunnel always
They are set by default in SRX . No command needed to enable them . But the change in SRX is that , during re-route lookup if there is no route present in SRX it will drop by default saying " re-route failed " instead of sending back to the interface where it came from . Its same for IPSEC traffic also .
In SRX the re-route is checked by default " strictly " . We cannot turn it off
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too .....