On Thu, Jun 11, 2009 at 02:12:58PM +0800, ?????? wrote:
> JUNOS 9.6 will increase the limitation to 256 and even more in future
> release.

A guy from the J-Net Community forum told me that the limit will be increased in 9.5R2. Juniper plans to release it at the end of the current month.

My interest is more about the impossibility of using some rule-sets than about the limitation of 8 rules. I didn't find any info about rule-set contexts in the docs for 9.5. If I understand correctly, "context" is defined by 'from' in [edit security nat destination rule-set]. Thus, if two rule-sets have the same 'from' configuration, then they are in the same context and "error: Destination NAT rule-set ... and ... have same context." occurs. And this limitation looks strange to me as an end-user.

The second annoying issue: under [edit security nat destination rule-set ... rule ...] 'match destination-port' can contain only one port number. I.e. due to this issue I waste rules instead of placing all needed port numbers in one clause. I don't know yet whether this behavior will be changed in 9.5R2.

--
MINO-RIPE
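
Added example, not part of the original message or of any Juniper tooling: a pre-commit check over destination NAT configuration in `set` format that reports rule-sets sharing a 'from' clause and rule-sets holding more rules than a limit. It assumes the poster's reading that the context is the 'from' clause, and that the limit of 8 applies per rule-set; the sample configuration, its names and its addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Junos "set" format; names and addresses are made up.
SAMPLE = """\
set security nat destination rule-set web from zone untrust
set security nat destination rule-set web rule http match destination-address 192.0.2.10/32
set security nat destination rule-set web rule http match destination-port 80
set security nat destination rule-set web rule https match destination-address 192.0.2.10/32
set security nat destination rule-set web rule https match destination-port 443
set security nat destination rule-set mail from zone untrust
set security nat destination rule-set mail rule smtp match destination-port 25
set security nat destination rule-set mgmt from interface ge-0/0/1.0
set security nat destination rule-set mgmt rule ssh match destination-port 22
"""

PREFIX = re.compile(r"^set security nat destination rule-set (\S+) (.+)$")

def parse(config):
    """Return ({rule_set: set of 'from' clauses}, {rule_set: set of rule names})."""
    contexts, rules = defaultdict(set), defaultdict(set)
    for line in config.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue
        name, rest = m.groups()
        words = rest.split()
        if words[0] == "from" and len(words) >= 3:
            contexts[name].add(" ".join(words[1:3]))  # e.g. "zone untrust"
        elif words[0] == "rule" and len(words) >= 2:
            rules[name].add(words[1])  # one port per rule means one rule per port
    return contexts, rules

def lint(config, max_rules=8):
    """Return (clashing contexts, rule-sets over max_rules); 8 is an assumed per-rule-set limit."""
    contexts, rules = parse(config)
    by_context = defaultdict(list)
    for name in sorted(contexts):
        for ctx in contexts[name]:
            by_context[ctx].append(name)
    clashes = {c: n for c, n in by_context.items() if len(n) > 1}
    over = sorted(n for n, r in rules.items() if len(r) > max_rules)
    return clashes, over

if __name__ == "__main__":
    print(lint(SAMPLE))
```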