Found out it is caused by the older image. Version 18.4 works.
Original Message:
Sent: 09-27-2023 21:53
From: gongyayu
Subject: FBF questions
Today my co-worker showed me the working configuration, which has the same line (## reference 'NAT-PBR' not found). So it seems it is not the cause of my issue.
I just have no clue why it does not use the IP specified via next-ip.
Original Message:
Sent: 09-26-2023 23:27
From: gongyayu
Subject: FBF questions
When I looked a little deeper via
root@sys# show logical-systems sys interfaces ge-0/0/6 | display inheritance
I noticed the following:
family inet {
    ##
    ## 'filter' was inherited from group 'NAT-PBR'
    ##
    filter {
        ##
        ## 'input' was inherited from group 'NAT-PBR'
        ## 'NAT-PBR' was inherited from group 'NAT-PBR'
        ##
        input NAT-PBR; ## reference 'NAT-PBR' not found
    }
    address 10.52.1.2/31;
}
It seems NAT-PBR defined inside the logical-system can't be resolved in the group.
Any way to resolve this?
Thanks!!
Original Message:
Sent: 09-26-2023 22:20
From: gongyayu
Subject: FBF questions
I have the following topology
What I need is that when the traffic is sourced from 172.16.2.X, the next hop is 10.50.1.25; otherwise, the next hop is via the default route:
set logical-system sys firewall family inet filter NAT-PBR term 1 from source-prefix-list net-172.16.2.0/24
set logical-system sys firewall family inet filter NAT-PBR term 1 then count nat-Traffic
set logical-system sys firewall family inet filter NAT-PBR term 1 then next-ip 10.50.1.25/32
set logical-system sys firewall family inet filter NAT-PBR term 1 then accept
set logical-system sys firewall family inet filter NAT-PBR term 2 then accept
set groups NAT-PBR logical-systems <*> interfaces <*> unit <*> family inet filter input NAT-PBR
set groups NAT-PBR interfaces <*> unit <*> family inet filter input NAT-PBR
set logical-system sys interfaces ge-0/0/6 apply-groups NAT-PBR
When the traffic is sourced from 172.16.2.X, I can see the count increasing, but traffic still goes to the default.
Any ideas?
Thanks!!