Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] [ScreenOS] How does the firewall treat multi-cell policy in terms of addr/service group usage?

0

0

Article ID: KB7252 KB Last Updated: 21 Dec 2019Version: 7.0
Summary:

How do we treat multi-cell policy in terms of addr/service group usage?
 

Symptoms:

Environment:

  • multi-cell
  • address group
  • service group
  • calculating address group limits
     
Solution:

Multi-cell policies are just like groups. If you create enough multi-cells, it will consume the address or service group space, so you will tap into the service group resources.  The following information will help in determining the limits associated with address groups and service groups:

1 multi-cell policy (with multiple service) uses 1 service group

1 multi-cell policy (with multiple src address) uses 1 addr group

1 multi-cell policy (with multiple dst address) uses 1 addr group

1 multi-cell policy (with multiple src & dst address) uses 2 addr group

As a result, address objects that are soley used in multi-cell policies will not be marked as "in-use."  Be aware that these address objects can be deleted and modified.


note For more information: 
KB6989 - ScreenOS won't save a policy with multiple services configured
Modification History:
2019-12-21: Archived
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search