Why are my policies showing grayed out if they are enabled?

Article ID: KB13223 | KB Last Updated: 22 Jan 2009 | Version: 1.0
Summary:
The fields of a policy are grayed out even though the policy is still enabled.
Symptoms:
One or more policies that use domain names for the Source or Destination addresses appear grayed out, as if they had been disabled. However, the policy is enabled, as shown by the checked box in the Enabled field (in the WebUI).
Solution:
DNS is failing to look up those domain names, which makes the policies inactive until DNS can resolve them. This can be caused by one of two things:
  1. The IP address of your DNS server is unreachable, OR
  2. The domain name specified in the policy is wrong and can’t be resolved (for example, *.yahoo.com).
The DNS cache can be checked by running the command "get dns host cache". Look under the Unresolved section for the domain names that are failing to resolve. To force a DNS refresh once you believe you've resolved the issue, run the command "exec dns refresh", followed by "get dns host cache" to verify that the domain name has been resolved.


Below are examples of the output when DNS resolution is working and when it is not.

When it's working:

ISG2000-> get dns host cache
DNS Server:
Primary : 1.1.1.2, Src Interface: Null
Secondary: 0.0.0.0 Src Interface: Null
Ternary : 0.0.0.0, Src Interface: Null
DNS Cache (Static):
DNS Cache (Dynamic):
Host name: www.google.com IP: 74.125.95.103 TTL= 159s
Host name: www.google.com IP: 74.125.95.104 TTL= 159s
Host name: www.google.com IP: 74.125.95.147 TTL= 159s
Host name: www.google.com IP: 74.125.95.99 TTL= 159s
Host name: yahoo.com IP: 68.180.206.184 TTL= 20011s
Host name: yahoo.com IP: 206.190.60.37 TTL= 20011s
DNS Cache (Unresolved):





When it’s NOT working:

ISG2000_Dreadknight-> get dns host cache
DNS Server:
Primary : 4.1.1.1, Src Interface: Null
Secondary: 0.0.0.0, Src Interface: Null
Ternary : 0.0.0.0, Src Interface: Null
DNS Cache (Static):
DNS Cache (Dynamic):
DNS Cache (Unresolved):
Host name: www.google.com last IP: 74.125.95.103
Host name: www.yahoo.com last IP: 68.180.206.184
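
The check described above can be scripted against saved "get dns host cache" output. The following Python is an added example, not part of the original article or of any Juniper tool; the function names are hypothetical, the sample is copied from the failing output above, and treating a policy name that is missing from the cache altogether as inactive is an assumption.

```python
import re

# Constructed sample: the failing "get dns host cache" output shown above.
SAMPLE_FAILING = """\
DNS Server:
Primary : 4.1.1.1, Src Interface: Null
Secondary: 0.0.0.0, Src Interface: Null
Ternary : 0.0.0.0, Src Interface: Null
DNS Cache (Static):
DNS Cache (Dynamic):
DNS Cache (Unresolved):
Host name: www.google.com last IP: 74.125.95.103
Host name: www.yahoo.com last IP: 68.180.206.184
"""

SECTION_RE = re.compile(r"^DNS Cache \((\w+)\):\s*$")
HOST_RE = re.compile(r"^Host name:\s*(\S+)\s+(?:last )?IP:\s*(\S+)")
SERVER_RE = re.compile(r"^(Primary|Secondary|Ternary)\s*:\s*([\d.]+)")


def parse_dns_host_cache(text):
    """Split the output into DNS servers and per-section host entries."""
    result = {"servers": {}, "Static": {}, "Dynamic": {}, "Unresolved": {}}
    section = None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION_RE.match(line):
            section = m.group(1)
            result.setdefault(section, {})
        elif m := SERVER_RE.match(line):
            result["servers"][m.group(1)] = m.group(2)
        elif section and (m := HOST_RE.match(line)):
            # One host name can map to several addresses
            result[section].setdefault(m.group(1), []).append(m.group(2))
    return result


def inactive_policy_names(text, policy_names):
    """Return the policy domain names the firewall currently cannot resolve."""
    cache = parse_dns_host_cache(text)
    resolved = set(cache["Static"]) | set(cache["Dynamic"])
    unresolved = set(cache["Unresolved"])
    # Assumption: a name absent from every cache section is also unresolved
    return sorted(n for n in policy_names if n in unresolved or n not in resolved)
```

Pass the list of domain names used in your policies as policy_names; any name returned belongs to a policy that will show as grayed out until DNS resolves it.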


