[j-nsp] Firewall filters getting reordered?
Hannes Gredler
hannes at juniper.net
Tue Oct 25 03:33:17 EDT 2005
the fix to PR58550 (which adresses several problems)
should adress the "term reordering" problem that you
have been observing.
fixes are in 7.1R4 7.2R3 7.3R2 7.4R1
/hannes
Brian W. Gemberling wrote:
>
> Yes, we've been using insert on the term etc. I guess that's what
> caused this. Is there a work around?
>
> On Mon, 24 Oct 2005, Hannes Gredler wrote:
>
>> my guess is that brian was observing a reordering
>> of the config (not actually the reordering of the
>> compiled/optimized instruction set that PR28108
>> describes);
>>
>> i have a question:
>>
>> id you do some insert before/after or
>> load patch operations /
>>
>> /hannes
>>
>> Pekka Savola wrote:
>>
>>> On Mon, 24 Oct 2005, Brian W. Gemberling wrote:
>>>
>>>> We had a router that rebooted tonight. When the box came back
>>>> up some
>>>> of the firewall filters had terms that were out of order (in turn
>>>> filtering out
>>>> OSPF in this case). Has anyone seen this before? Running 7.0R2.7.
>>>> Also
>>>> it looks like policies were out of order as well.
>>>
>>>
>>>
>>> Have you checked out whether you're hitting:
>>>
>>> PSN-2003-05-006 Firewall terms might not be evaluated sequentially
>>>
>>> That's tracked by PR28108 and has not been fixed.
>>>
>>
More information about the juniper-nsp
mailing list