Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EOL/EOE] Certain Zone Names cannot be used if transparent mode firewall is managed by NSM.

0

0

Article ID: KB15652 KB Last Updated: 17 Oct 2020Version: 3.0
Summary:
Note: A product listed in this article has either reached hardware End of Life (EOL) OR software End of Engineering (EOE).  Refer to End of Life Products & Milestones for the EOL, EOE, and End of Support (EOS) dates.
Certain transparent mode zones cannot be used if the firewall is managed by NSM.
Symptoms:
When NSM manages a transparent mode firewall, custom zone names are managed in a specific manner.   This causes problems when certain custom zone names are used on the firewall.
Solution:
When a firewall is in transparent mode, NSM manages custom zone names in a different way than when the device is in NAT/Route mode.

When in transparent mode, a custom zone name is created with the prepended "L2-" designation.    When those custom zones are brought under NSM management, NSM will strip off the L2- designation and manage the zone name without that L2- prefix.

For example, if the custom zone L2-Customers is created on a transparent mode firewall, and that firewall is brought under NSM management, the zone will appear in all NSM windows as "Customers" rather than "L2-Customers".

This creates a problem if the following custom zones are created on the firewall:
  • L2-Trust
  • L2-Untrust
  • L2-Mgt
  • L2-DMZ
NSM cannot manage these L2- zones separately from the L3 zone equivalents, Trust, Untrust, Mgt, DMZ.

WORKAROUND:
Avoid using these zone names when naming custom L2- zones.
Modification History:
2020-10-17: Tagged article for EOL/EOE.
 
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search