[EOL/EOE] NSM config push is taking the Firewall out of transparent mode

Article ID: KB12539
KB Last Updated: 03 Dec 2020
Version: 5.0
Summary:

Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.


 

After the firewall is imported into NSM successfully, a config push from NSM unsets zones and takes the firewall out of transparent mode.

Symptoms:
Mixed mode (mixing L2 and L3 zones on the firewall) is not supported.
Even if the firewall allows mixed mode configuration, mixed mode is officially not supported and will therefore cause firewall management issues from NSM.

Example: In the following configuration, all zones are L2 zones except for DMZ:
set interface "ethernet0/0" zone "V1-Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "V1-Trust"

This is not a supported configuration. 

If an attempt is made to configure mixed mode on the firewall using the CLI, the following message is sometimes displayed:
ssg5-v92-> set int e0/1 zone dmz
Mixed l2/l3 mode is not supported

Some versions of ScreenOS allow mixed mode to be set, but this is a bug and the resulting configuration is not supported. Mixed mode also causes problems if the firewall is managed with NSM.
 
Solution:
Because NSM expects the firewall to be in either pure L2 or pure L3 mode when it is imported, the firewall configuration must be corrected before importing it into NSM. All zones should be in either L2 mode or L3 mode, not a mix of both.
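
One way to check a saved configuration for mixed mode before importing it into NSM. This is an added example, not a Juniper tool; it assumes Layer 2 zone names begin with "V1-" or "L2-" and that the Null, MGT, HA and VLAN zones can be ignored, and the function names are hypothetical.

```python
import re

# Constructed sample: the interface bindings shown in the article.
SAMPLE_CONFIG = '''
set interface "ethernet0/0" zone "V1-Untrust"
set interface "ethernet0/1" zone "DMZ"
set interface "bgroup0" zone "V1-Trust"
'''

BINDING = re.compile(r'^set interface "?([^"\s]+)"? zone "?([^"\s]+)"?$')
# Assumption: Layer 2 zones are named V1-* (predefined) or L2-* (user-defined).
L2_PREFIXES = ("v1-", "l2-")
# Assumption: these function zones do not decide the operating mode; skip them.
IGNORED_ZONES = {"null", "mgt", "ha", "vlan"}

def classify_bindings(config_text):
    """Group (interface, zone) bindings by the layer of the bound zone."""
    result = {"L2": [], "L3": []}
    for line in config_text.splitlines():
        match = BINDING.match(line.strip())
        if not match:
            continue
        iface, zone = match.groups()
        if zone.lower() in IGNORED_ZONES:
            continue
        layer = "L2" if zone.lower().startswith(L2_PREFIXES) else "L3"
        result[layer].append((iface, zone))
    return result

def check_mode(config_text):
    """Return (mode, offenders); mode is 'L2', 'L3', 'mixed' or 'none'."""
    groups = classify_bindings(config_text)
    l2, l3 = groups["L2"], groups["L3"]
    if l2 and l3:
        # List the smaller group: the bindings that break the majority mode.
        return "mixed", (l3 if len(l3) <= len(l2) else l2)
    return ("L2" if l2 else "L3" if l3 else "none"), []

if __name__ == "__main__":
    mode, offenders = check_mode(SAMPLE_CONFIG)
    print("mode:", mode)
    for iface, zone in offenders:
        print(f"  review: interface {iface} bound to zone {zone}")
```

On the article's example this reports mixed mode and points at ethernet0/1 in zone DMZ as the binding to correct.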

 
Modification History:

2020-12-03: Tagged article for EOL/EOE
