SRX Next-Gen Firewalls

Oh, right... You'll have to upgrade the routing instance to virtual-router in order to put the GRE tunnel in it. That, of course, will comes with more work: I'm not sure if the PBR filter will let you pick a virtual-router instance. If you need to ...

Hi Nikolay, It is not possible to apply a interface to a forwarding instance as far as I know. Documentation says: Forwarding-Use this routing instance type for filter-based forwarding applications. For this instance type, there is no one-to-one mapping ...

Hi Nicolay, Forwariding instances don't hav interfaces attached: Forwarding-Use this routing instance type for filter-based forwarding applications. For this instance type, there is no one-to-one mapping between an interface and a routing instance. ...

Share config perhaps, to give clues. ------------------------------ Nikolay Semov ------------------------------

I don't have a box running 22 to test with, but I saw this in a recently-updated KB, except in their example they're using it to match the source-address rather than the destination-address. https://supportportal.juniper.net/s/article/SRX-DNS-name-is-not-a-supported-address-or-address-set-type-in-NAT-rules?language=en_US ...

Thanks Nikolay. As far as I can see and with the tests I've done, this does not resolve my problem. My use case for this is doing source-NAT to a specific source pool when traffic has a destination which is a FQDN. I am unable to create a NAT rule ...

This message was posted by a user wishing to remain anonymous Hi All, I have a juniper SRX 320 on packet mode and connected to internet via a 4G uplink. I can access the router externally without any issues. I also have a public subnet routed over ...