I have what must be a real stumper.
Ever since we upgraded from 15.1 to 20.4, we have not been able to configure unified policies. When we do, systems in our LAN that are supposed to be blocked from the Internet are visible. We have tried various ways over the months to get this working; we even had a session where our local Sr. Solutions Sales Specialist came in to help us, but we have not been able to enable unified policies and still have the SRX work properly.
We have mostly tried to convert all the policies to unified policies. Those that do not have an app-fw or IDP need are converted to unified policies by adding "...match dynamic-application any" to the policy.
The commit check is successful, but when we commit the changes, devices that should be blocked from the Internet are open through the SRX.
There must be some magic to unified policies because at least a half dozen engineers at JTAC as well as our local rep have not been able to make them work for us.
I am hoping that someone out there has seen this problem and can help.
Thanks in advance for your help.