0

I have a question about Juniper SRX firewall configuration, running 11.4R7.

My question is about the routing table used while processing traffic passing through the firewall. I have a routing configuration as part of the routing-instances definition, and it looks like this:

set routing-instances Main-VR instance-type virtual-router
set routing-instances Main-VR interface reth0.0
set routing-instances Main-VR routing-options static route 10.80.90.0/27 next-hop 10.80.90.40

Then I could find another routing definition:

set routing-options static route 10.62.170.190/32 next-hop 10.80.93.1
set routing-options static route 10.62.170.0/24 next-hop 10.80.93.1
set routing-options static route 10.61.105.0/26 next-hop 10.80.93.1
set routing-options static route 10.66.65.103/32 next-hop 10.80.93.1

What's the difference between the two definitions? Are both active, I mean checked while traffic processing is taking place? Or could I remove one of them?

Kingsley
JanAroub

2 Answers

1

Static routes defined under set routing-options are for the Global Routing Table, and the ones defined under set routing-instances Main-VR routing-options are for the Virtual Router (Main VR).

Mihir Dass
0

routing-options static route 10.62.170.190/32 next-hop 10.80.93.1 could be removed, as routing-options static route 10.62.170.0/24 next-hop 10.80.93.1 already contains the 10.62.170.190/32 destination.

The rest would need to stay, as they are destinations to individual networks or destinations. As a first-step suggestion, I would deactivate route 10.62.170.190/32 next-hop 10.80.93.1, then test for connectivity to your endpoint destination before finally removing the item from your configuration.

CL.