SRX

Is it just me or does term re-ordering not work?

A couple of weeks ago I had to re-order security policies. Using "insert policy X before Y" a policy (X) added later should have been moved before an earlier one (Y). Although this seemed to be performed without errors, the resulting behavior was not the anticipated one. I had to manually delete the whole policy list and re-create the policies in the correct order!

I now witness the same thing happening to NAT rules. I had a general one, wanted to add a more specific one, wrote it and moved it to the beginning. "show configuration" displays them as intended, but "show security nat source summary" displays the new rule at the end. And it doesn't get applied (obviously masked by the more general one).

Am I just seeing things, or is it a know problem?

And is the only solution to delete everything and re-create it all in the correct order?

(wow, it brought back bitter memories of old Cisco access list editing, where you had to do it "off-line")

Model: srx240-hm
JUNOS Software Release [9.5R1.8] (Export edition)

I asume you didn't forget to commit the change?!  In that case I would try to upgrade to 10 1 as a starter.

There is known issue with insert function not working properly with NAT rules. This should be resolved in 10.0R2 which just released couple days ago. Will also be fixed in upcoming 9.6R3 release.

-Richard

I am having this same issue running 10.4R1.9 on a SRX100

Guessing its not fixed yet?