Hello,
We are just moving from SRX210HE (JunOS 12.1X46-D65) to SRX300 (JunOS 15.1X49-D90) & unfortunately found out that addresses set as 'dns-name' are not correctly used/recognized inside security policies, e.g.
root@SRX300-1> show configuration security zones security-zone untrust address-book
address TEST-SourceAddress {
dns-name www.juniper.net;
}
The interesting thing is that when listing this policy with general information, this 'problematic' address is reported, but when listing with detail there is no mention of it:
root@SRX300-1> show security policies policy-name TEST
From zone: untrust, To zone: trust
Policy: TEST, State: enabled, Index: 23, Scope Policy: 0, Sequence number: 6
Source addresses: TEST-SourceAddress
Destination addresses:TEST-DestinationAddress
Applications: any
Action: permit
root@SRX300-1> show security policies policy-name TEST detail
Policy: TEST, action-type: permit, State: enabled, Index: 23, Scope Policy: 0
Policy Type: Configured
Sequence number: 6
From zone: untrust, To zone: trust
Destination addresses:
TEST-DestinantionAddress: 192.168.0.100/32
Application: any
IP protocol: 0, ALG: 0, Inactivity timeout: 0
Source port range: [0-0]
Destination port range: [0-0]
Per policy TCP Options: SYN check: No, SEQ check: No, Window scale: No
TEST-SourceAddress is of course correctly resolved on the SRX300 device and is also present in the local dns-cache:
root@SRX300-1> show security dns-cache
DNS Name: www.juniper.net
DNS entry number: 1
---
Best Regards