[j-nsp] ScreenOS routing policy (route map)

Ying Zhang cynthia_dal at yahoo.ca
Wed Nov 26 08:53:18 EST 2008

Hi list,

I am new to ScreenOS. A seeming easy task in JUNOS doesn't look so easy in ScreenOS. I am sure I missed something here:

Network topology:
Router A -- Firewall -- Router B

FW learned 100 routes from Router A, and will announce all of them to router B except one route 20.1/16. How to change the explicit deny at the end of route map (I don't want to "permit" all 99 routes in the route map)?

Here is what I did:

Network > Routing > Virtual Router (trust-vr) > Access List > New: Enter the
following, then click OK:
Access List ID: 20
Sequence No.: 1
Action: deny

Network > Routing > Virtual Router (trust-vr) > Route Map > New: Enter the
following, then click OK:
Map Name: rtmap1
Sequence No.: 1
Action: deny/permit?
Match Properties:
Access List: (select), 20 (select)

Apply it to FW interface to Router B.

Whether I choose deny or permit in the route map action will make the FW to stop announcing all routes to Router B. Many thanks.


More information about the juniper-nsp mailing list