Hugo Slabbert writes: >I generally create an explicit 'reject-all' policy and stick that at the=20 >end of policy lists, rather than nesting the reject within an existing=20 >policy. It's a bit clearer.
You can also do this with a config group, since they are added (to lists) after the foreground config: Something like: groups default-reject policy-options policy-statement <*> then reject; protocols apply-groups default-reject; Thanks, Phil _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp