SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  error when I create zone in vlan.

    Posted 03-29-2019 09:15

    Hello,

     

    We need to create a zone in vSRX, but we get an error when executing this action.

     

    {primary:node0}[edit security zones]
    root@fw-mci-cl-01-vSRX-Node0# set security-zone SL-COSTUMER interfaces reth2 host-inbound-traffic system-services all 

    root@fw-mci-cl-01-vSRX-Node0# commit
    [edit security zones security-zone SL-COSTUMER]
    'interfaces reth2.0'
    Interface reth2.0 must be configured under interfaces
    error: configuration check-out failed

    {primary:node0}[edit]
    root@fw-mci-cl-01-vSRX-Node0#

     

    ! config interface!

     

    description CLIENTES;
    vlan-tagging;
    mtu 9000;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 3281 {
        description Previ_Poc_APP;
        vlan-id 3281;
        family inet {
            address 10.187.171.1/24;
            address 10.208.133.129/26;
        }
    }
    unit 3320 {
        description Previ_Poc_BD;
        vlan-id 3320;
        family inet {
            address 10.208.145.1/24;
        }
    }

     



  • 2.  RE: error when I create zone in vlan.

    Posted 03-29-2019 09:37
    The reth2 interface is configured with units 3281 and 3320. It does not have a unit 0 logical interface. Remove the reth2.0 interface from the zone config and add the configured unit numbers, like reth2.3281, reth2.3320, etc.




  • 3.  RE: error when I create zone in vlan.
    Best Answer

    Posted 03-29-2019 10:13

    Hello Raul,

     

    When you do not explicitly mention the interface unit under security zone, it defaults to unit 0.

     

    In your case you used - 

     

    set security-zone SL-COSTUMER interfaces reth2 host-inbound-traffic system-services all 

     

    This would end up with reth2.0 under SL-COSTUMER zone. But your interface does NOT define this unit. Hence the error.

     

    I would suggest you use (adjust the zones as per your need):

     

    set security-zone SL-COSTUMER interfaces reth2.3281 host-inbound-traffic system-services all 

     

    set security-zone SL-COSTUMER interfaces reth2.3320 host-inbound-traffic system-services all 

     

    Thanks!
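
An added example, not part of the original thread and not Juniper tooling: a small Python check that applies the rule described in the answers above before a commit, treating a zone interface given without a unit as unit 0 and flagging zone references to logical interfaces that have no configured unit. The `display set` lines are constructed from the thread's configuration, and the function names are hypothetical.

```python
import re

# Constructed sample in "display set" form, modelled on the thread's reth2 config.
SAMPLE = """\
set interfaces reth2 vlan-tagging
set interfaces reth2 unit 3281 vlan-id 3281
set interfaces reth2 unit 3281 family inet address 10.187.171.1/24
set interfaces reth2 unit 3320 vlan-id 3320
set interfaces reth2 unit 3320 family inet address 10.208.145.1/24
set security zones security-zone SL-COSTUMER interfaces reth2 host-inbound-traffic system-services all
set security zones security-zone SL-COSTUMER interfaces reth2.3320 host-inbound-traffic system-services all
"""

UNIT_RE = re.compile(r"^set interfaces (\S+) unit (\d+)\b")
ZONE_RE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")


def normalize(ifname):
    """A zone reference without an explicit unit means unit 0 (reth2 -> reth2.0)."""
    return ifname if "." in ifname else ifname + ".0"


def check_zone_interfaces(config_text):
    """Return (zone, logical_interface, defined_units) for every zone
    reference whose logical interface is not configured under interfaces."""
    defined, refs = set(), []
    for line in config_text.splitlines():
        line = line.strip()
        m = UNIT_RE.match(line)
        if m:
            defined.add(f"{m.group(1)}.{m.group(2)}")
            continue
        m = ZONE_RE.match(line)
        if m:
            ref = (m.group(1), normalize(m.group(2)))
            if ref not in refs:
                refs.append(ref)
    problems = []
    for zone, ifl in refs:
        if ifl not in defined:
            phys = ifl.split(".")[0]
            # Units that do exist on the same physical interface, as candidates.
            units = sorted((d for d in defined if d.split(".")[0] == phys),
                           key=lambda d: int(d.split(".")[1]))
            problems.append((zone, ifl, units))
    return problems


if __name__ == "__main__":
    for zone, ifl, units in check_zone_interfaces(SAMPLE):
        print(f"zone {zone}: {ifl} must be configured under interfaces; defined units: {units}")
```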