Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Thu Jul 02, 2020 9:42 am


Username:
Subject:
Message body:
Enter your message here, it may contain no more than 60000 characters. 

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:
Font size:
 
Font colour
Options:
BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON
Disable BBCode
Disable smilies
Do not automatically parse URLs
Confirmation code
Confirmation code:
In an effort to prevent automatic submissions, we require that you enter both of the words displayed into the text field underneath.
     

Topic review - SRX security policies: error: Failed to build dop for policy receive error: configuration check-out
Author Message
Post subject: SRX security policies: error: Failed to build dop for policy receive error: configuration check-out  |  Post Posted: Fri Jun 28, 2013 7:23 am
Following commit error can occur on the srx:

Code:
# commit
error: Failed to build dop for policy receive
error: configuration check-out failed


This is because one of my security policies contained the same target subnet/IPs in source/destination:

Code:
from-zone untrust to-zone vr1 {
    policy receive {
        match {
            source-address remote-net;
            destination-address remote-net;  <--HERE
            application any;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn vr1-to-vr1;
                    pair-policy send;
                }
            }
        }
    }
}
Jump to:  
cronNews News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO