[j-nsp] SRX240 Multicast
Tyler Christiansen
tyler at adap.tv
Wed Aug 27 23:54:47 EDT 2014
A few things:
security {
zones {
security-zone policies;
}
}
That doesn't actually do anything (afaik). You've basically created a
security zone called `policies` but you haven't assigned any objects to it.
I'm not sure about this part, either:
security {
policies {
default-policy {
permit-all;
}
}
}
I would do something more akin to:
tyler at srx.example.com> show configuration
security {
policies {
from-zone trust to-zone trust {
policy PERMIT_ALL {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}
}
}
If all else fails, put it in packet mode. If it works in packet mode, then
there's something wrong with your firewall configuration. Maybe someone
can offer some more specific SRX + multicast advice; my advice is just
general SRX advice. I don't have SRX devices participating in multicast,
so can't speak to anything specific to the platform + multicast.
On Wed, Aug 27, 2014 at 8:47 PM, <kwoody at citywest.ca> wrote:
> > So you have also allowed inbound traffic with
> >
> > set security zones security-zone <zone_name> host-inbound-traffic
> > protocols
> > all
> >
> > ? This is different than security policies (and perhaps I wasn't clear
> on
> > that).
>
> This is what I have:
>
> I thought this was enough, maybe not.
>
> show security
> policies {
> default-policy {
> permit-all;
> }
> }
> zones {
> security-zone policies;
> security-zone trust {
> host-inbound-traffic {
> system-services {
> all;
> }
> protocols {
> all;
> }
> }
> interfaces {
> all;
> }
> }
> }
>
>
>
--
*Tyler Christiansen | Technical Operations*
tyler <http://adap.tv/>@adap.tv <http://adap.tv/> | www.adap.tv
*m :* 864.346.4095
More information about the juniper-nsp
mailing list