Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Unable to save MultiCell Policies or add new Address/Service Groups

0

0

Article ID: KB6989 KB Last Updated: 11 Aug 2010Version: 5.0
Summary:
Address/Service Group limits reaching device limits due to multicell policy usage.  Limits apply to ScreenOS 5.3 and lower.
Symptoms:
Symptoms & Errors:

  • Can't add any more service groups
  • Failed command - set group service <name> add "SIP"
Solution:
The multiple services feature within a policy configuration (also know as multi-cell) and service groups utilize the same resource. Each device is limited to a specific combined number of multi-cell and service groups that can be configured.

To view the number of service groups configured, enter the CLI command:   get group service
To view the number of multi-cell policies configured, list the policies and manually count those that have the option: set group service <service name> add 

In ScreenOS 5.3.0r6 and below, multiple service or address items within a policy configuration (also know as multi-cell) utilize the same resources as service or address groups. (Reference: KB7252 - How do we treat multi-cell policy in terms of addr/service group usage).  If the max limit is reached, an error similar to the following may be sent to the console screen:
Failed command - set group service "_p68svc_" hidden
Failed command - set group service "_p68svc_" add "IP Phone streaming audio"
Failed command - set group service "_p68svc_" add "SIP"
Failed command - unset group service "_p68svc_"
In ScreenOS 5.3.0r7 thru ScreenOS 5.3.0r10, a correction was made to allow new multicell policies to be created, even if the device limits for address group or service groups limits have been reached. This only applies to additional policies and not additional Address/Service groups.

In ScreenOS 5.4 and above, there is no longer an address/service group limit in multicell policies.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search