Hi all,
This is the first time I've used this group (although I've been subscribed to it for a while!!!!). First off I'd like to say how useful it's been watching the group share and deal with issues. I don't know if I'm experiencing an issue, or if this is standard operation for Junos. Some help would be greatly appreciated though. If I create a relatively simple filter such as the one below, and attach it as an output filter on a vlan interface, it works as per the prefix-list it references. However, if I update the prefix-list, like add an additional /32, the firewall filter does not permit it. If I remove and re-apply the filter, it has no effect on the new addition to the prefix-list (even though the prefix shows up in the prefix-list). To force the new prefix to become active, I have had to re-apply the firewall filter statement that references the prefix-list (i.e. delete it, and re-apply it). Is this normal? Model: j4350 JUNOS Software Release [10.4R7.5] (Inet running in packet-mode and not flow-mode) filter management_protect { term discard_world { from { source-prefix-list { manager_ips except; #<If I add additional prefixes to the manager_ips list, they do not take effect until I delete and set this configuration line> world; } } then { discard; } } term permit_mng { then { count management_count; accept; } } } Thanks and look forward to the response, David Gee _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp