No SRX Please, I’m British

Junos

Ok, Junos on the Juniper SRX platform, y’all are just mocking me now.

Step 1: Create A Policy On The SRX

I’d like to deny ICMP fragmentation needed messages in the lab. I haven’t checked, but I’d guess that the built-in application name would be junos-icmp-fragmentation-needed, so I shouldn’t need to define it.

Step 2: Check The Config Is Ok

I’ll run my usual ‘commit check’ to make sure everything’s ok:

Oh, ok, it’s not defined – guess I got it wrong; I’ll define it.

Step 3: Fix the Error

Let’s go edit that application!

Or not. Anything beginning with “junos-” is automatically reserved. Doh!

A better error after the commit check, then, might have been “Doesn't exist, you can't make it exist, try something else, bozo.”

Step 4: Listen for Junos Cackling

The phrase “bite me” springs to mind. 🙂

4 Comments on No SRX Please, I’m British

  1. The cackling happens when you create a groups config and then deactivate “groups” and try to commit…I bet the devs thought that was a great way to mess with people. If you haven’t tried it, it’s amusing.

    -=]NSG[=-

    • Are you talking about what happens due to the group config being disabled and thus all of those built-in applications suddenly not existing? If so, yeah, messy… and would take a while to figure out if you didn’t already know where the built-in application definitions were “configured” (that’s another post coming soon)!
