Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] Cloning a policy which has no-hw-sess enabled

0

0

Article ID: KB27261 KB Last Updated: 05 Aug 2013Version: 1.0
Summary:
This article describes the result of cloning a policy which has no-hw-sess enabled.
Symptoms:

User has a policy in which no-hw-sess is enabled

nsisg1000(M)-> get policy id 976
name:"none" (id 976), zone Untrust -> Trust,action Permit, status "enabled"
src "PCs_Office", dst "192.168.10.0/28", serv "ANY"
Rules on this VPN policy: 0
nat off, Web filtering : disabled
vpn unknown vpn, policy flag 00410400, session backup: on, hardware session: off
traffic shaping off, scheduler n/a, serv flag 00
log init close, log count 0, alert no, counter no(0) byte rate(sec/min) 0/0
total octets 0, counter(session/packet/octet) 0/0/0
No Authentication
No User, User Group or Group expression set

Will the hardware session status get copied if the user were to clone this policy from WEBUI?

Cause:

Solution:
Hardware session status is explicit to a policy on which it is enabled. Even if the policy is cloned, the resulting policy will mirror all the settings of the old policy except the hardware session status.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search