Yesterday, I work in a commercial bank branches to replace 2 sets firewall outreach unit, the original equipment model juniper ssg320, new equipment model juniper srx550, replaced and verify that all access to other units relations strategy, mostly, but after 40 minutes, suddenly all good (this part of the suddenly good I promise never move strategy),

Then for some reason, need to be back, back to the old equipment, and most of the strategies are not, but after about 1 hour, suddenly all good,

So I suspect that this is not a firewall policy and routing problem, but we have loop network architecture or learning routing has a problem, but I am a network of pure white, just a guess,

Most of the source address and destination address strategies do NAT,

Excuse me, great god, why is this case? What is the principle? Need to how to solve?

CodePudding user response:

Good magic of the banking system

CodePudding user response:

Strategy after finish save remember to commit, you will find the strategy into effect immediately