Yeah, that was my thinking also. I cannot do that until the next maintenance window. I thought that was a trivial change and should never affect transit traffic.
------------------------------
John Gerro
------------------------------
Original Message:
Sent: 12-09-2020 19:16
From: Unknown User
Subject: EX-4300 protect-re mystery
Sorry about reading through your post. If you can open your filter up to match the traffic that you know you're dropping...
Also, just for giggles, can you add "then log" to your filter to see what all else may be dropped?
Original Message:
Sent: 12-09-2020 18:37
From: John Gerro
Subject: EX-4300 protect-re mystery
Hi, I am having a weird problem I cannot explain, and I need your input to solve this mystery.
I have a Viptela vEdge connected to a Juniper EX-4300 switch, which is the gateway to the Internet. This Viptela vEdge router has many IPsec (over Internet) connections and worked just fine. Today I needed to enforce the protect-re firewall rules for the RE; however, after the change was made, the vEdge reported that BFD over those IPsec tunnels is down. I cannot make sense of this behavior; it almost means the protect-re is somehow blocking transit traffic from the Viptela vEdge. The changes made to the protect-re firewall rules are totally irrelevant to any transit traffic.
What else can be wrong?
------------------------------
John Gerro
------------------------------