Ask the Expert


Firewall srx /delete security zones

  • 1.  Firewall srx /delete security zones

    Posted 16 days ago
    Hello sir,
    Kindly, I am trying to delete an unused APN. Everything looks OK for the work order, but each time I receive this error: (( referenced address must be defined under address-book )). The work order is just two statements.

    SRX5400-1
    =================
    delete security nat source rule-set PAT1 rule 3 match source-address 10.211.0.0/18
    delete security zones security-zone Trust address-book address 3G_src_addr20 10.211.0.0/18    <-- this line is not deleted


    saif.salah

    ------------------------------
    saif salah
    ------------------------------


  • 2.  RE: Firewall srx /delete security zones

    Posted 14 days ago
    Hi Saif,

    First delete the NAT rule and do a commit. After that, try to delete the address book under the security zone.

    ------------------------------
    ***Do mark this answer as Solved, if it addresses your issue***

    Regards,
    noob master.
    ------------------------------



  • 3.  RE: Firewall srx /delete security zones

    Posted 14 days ago
    Hi Saif,

    First delete the NAT rule and do a commit.

    After that, delete the address book in the security zone.

    If you face any difficulty, provide the entire error message.

    ------------------------------
    ***Do mark this answer as Solved, if it addresses your issue***

    Regards,
    noob master.
    ------------------------------



  • 4.  RE: Firewall srx /delete security zones

     
    Posted 13 days ago
    This message is telling you that the address object you are trying to delete, 3G_src_addr20, is being used by a policy somewhere.  So before the object can be deleted, the policy must also be removed.

    If you use this command you can find the location of the policy to remove.
    show security policies | display set | match 3G_src_addr20

    From here, delete the policies that are found.


    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
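
An added example, not part of any post in this thread and not Juniper tooling: a Python script that applies the advice in post 4 to saved `display set` output, listing every statement that references an address object and ordering the deletes so the address-book entry goes last. The sample configuration, the policy names and the address-set name are constructed for illustration.

```python
# Constructed `display set` output for illustration; not taken from the thread's device.
SAMPLE_CONFIG = """\
set security zones security-zone Trust address-book address 3G_src_addr20 10.211.0.0/18
set security zones security-zone Trust address-book address 3G_src_addr200 10.220.0.0/18
set security zones security-zone Trust address-book address-set APN_3G address 3G_src_addr20
set security zones security-zone Trust address-book address-set APN_3G address 3G_src_addr200
set security policies from-zone Trust to-zone Untrust policy APN-OUT match source-address 3G_src_addr20
set security policies from-zone Trust to-zone Untrust policy APN-OUT match destination-address any
set security policies from-zone Trust to-zone Untrust policy APN-OUT match application any
set security policies from-zone Trust to-zone Untrust policy APN-OUT then permit
set security policies from-zone Trust to-zone Untrust policy APN-BIG match source-address 3G_src_addr200
set security nat source rule-set PAT1 rule 3 match source-address 10.211.0.0/18
"""


def references(config, name):
    """Return (definition_lines, referencing_lines) for address object `name`."""
    definition, referencing = [], []
    for line in config.splitlines():
        tokens = line.split()
        if name not in tokens:  # whole-token match: 3G_src_addr200 is not a hit
            continue
        head = tokens[:tokens.index(name)]
        # "... address-book ... address <name> <prefix>" is the object itself;
        # an address-set member or a policy match term is a reference to it.
        is_definition = (head[-1:] == ["address"] and "address-book" in head
                         and "address-set" not in head)
        (definition if is_definition else referencing).append(line)
    return definition, referencing


def deletion_plan(config, name):
    """References first, the address-book entry last, as `delete` statements."""
    definition, referencing = references(config, name)
    plan = ["delete" + line[len("set"):] for line in referencing]
    for line in definition:
        tokens = line.split()
        # Drop the trailing prefix so the whole object is removed.
        plan.append(" ".join(["delete"] + tokens[1:tokens.index(name) + 1]))
    return plan


if __name__ == "__main__":
    # Review each line before applying: the answer above removes the whole
    # policy that is found, not only its match term.
    for statement in deletion_plan(SAMPLE_CONFIG, "3G_src_addr20"):
        print(statement)
```

The NAT rule in the sample matches on the prefix rather than the object name, so it is not reported as a reference to the address-book entry.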