Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] Route and Policy Lookup of NSM Traffic Across the Firewall

0

0

Article ID: KB9480 KB Last Updated: 27 Dec 2019Version: 5.0
Summary:

NetScreen device is set up for NSM management.  This article goes through how routing is done for NSM traffic.

Solution:

NSM traffic is sent out from the NetScreen device from a source interface called self.  The self interface is belongs to the default vr.  Since NSM sessions are generated from a source interface of self, the route lookup is performed in the default vr.  If a route lookup is found, then a policy lookup is performed. 

If there is no route in the route lookup, the other VR's are checked. 

The default vr is the trust-vr.  If you want your NSM traffic to route through the untrust-vr, you will have to change the default vr.  To change the default vr to untrust-vr, issue the following CLI command:

set vr untrust-vr default-vrouter
Modification History:

2019-12-27: Archived article. No changes made.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search