SRX Services Gateway
Highlighted
SRX Services Gateway

error when I create zone in vlan.

‎03-29-2019 09:14 AM

Hello,

 

We need to create a zone in vsrx, but we have a error when executate this accion.

 

{primary:node0}[edit security zones]
root@fw-mci-cl-01-vSRX-Node0# set security-zone SL-COSTUMER interfaces reth2 host-inbound-traffic system-services all 

root@fw-mci-cl-01-vSRX-Node0# commit
[edit security zones security-zone SL-COSTUMER]
'interfaces reth2.0'
Interface reth2.0 must be configured under interfaces
error: configuration check-out failed

{primary:node0}[edit]
root@fw-mci-cl-01-vSRX-Node0#

 

! config interface!

 

description CLIENTES;
vlan-tagging;
mtu 9000;
redundant-ether-options {
redundancy-group 1;
}
unit 3281 {
description Previ_Poc_APP;
vlan-id 3281;
family inet {
address 10.187.171.1/24;
address 10.208.133.129/26;
}
}
unit 3320 {
description Previ_Poc_BD;
vlan-id 3320;
family inet {
address 10.208.145.1/24;
}
}

 

2 REPLIES 2
Highlighted
SRX Services Gateway

Re: error when I create zone in vlan.

‎03-29-2019 09:36 AM
reth2 interface is configured with unit 3281 and 3320. It does not have unit 0 logical interface. Remove reth2.0 interface from zone config and add the configured unit number like reth2.3281 , reth2.3320 etc


Thanks,
Nellikka
JNCIE x3 (SEC #321; SP #2839; ENT #790)
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway
Solution
Accepted by topic author raul.sagredo
‎04-12-2019 09:56 AM

Re: error when I create zone in vlan.

‎03-29-2019 10:12 AM

Hello Raul,

 

When you do not explicitly mention the interface unit under security zone, it defaults to unit 0.

 

In your case you used - 

 

set security-zone SL-COSTUMER interfaces reth2 host-inbound-traffic system-services all 

 

This would end up with reth2.0 under SL-COSTUMER zone. But your interface does NOT define this unit. Hence the error.

 

I would suggest you to use (adjust the zones as per your need.)

 

set security-zone SL-COSTUMER interfaces reth2.3281 host-inbound-traffic system-services all 

 

set security-zone SL-COSTUMER interfaces reth2.3320 host-inbound-traffic system-services all 

 

Thanks!