SRX Services Gateway
Highlighted
SRX Services Gateway

address-set - Rule Drops

[ Edited ]
‎09-23-2016 01:37 PM

Hello, 

 

Currently Runnig Junos Space (Latest Version) to manage a few SRX3600 

 

We have a strange issue with rule drops. Basically at random points in the day we loose address from address-set. meaning the policy is not hit and source address hits the default deny. 

 

when checking the config the address is missing from the address-set , if i do a republish from space or commit on the device the address comes back into the group

 

Doesnt show in the roll back as been added or removed 

 

We have 4 Logical Systems each with a global address book, there is no overall global address book as we only use the logical systems 

 

before commit 

address-set group_TEST-www-incoming {
address host_1.1.1.1
address test.com
address helpdesk.test.org;
address primary.test.org;
address css.test.org;
address host_x.x.x.x

 

after commit 

address-set group_TEST-www-incoming {
address host_1.1.1.1
address test.com
address helpdesk.test.org;
address primary.test.org;
address www.test.org;
address css.test.org;
address host_x.x.x.x

 

any one else seen this issue ?

3 REPLIES 3
Highlighted
SRX Services Gateway

Re: address-set - Rule Drops

‎09-30-2016 07:57 PM

Can you confirm the Junos version using?

Thanks,
Suraj
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too
Highlighted
SRX Services Gateway

Re: address-set - Rule Drops

‎10-01-2016 12:46 AM

JUNOS 12.1x47-D20.7

Highlighted
SRX Services Gateway

Re: address-set - Rule Drops

‎10-01-2016 12:50 AM

JUNOS 12.1x47-D20.7

 

Feedback