Juniper ScreenOS Firewall autocorrects Route Entries

I was a bit confused today as I saw a “wrong” route entry in the config of an SSG firewall. The route had not the correct “network/netmask” notation but a “host-address/netmask-of-the-network” notation. However, the SSG autocorrected this false route entry to the correct subnet id in its routing table.

The case was to create a route to the network “10.0.0.160/28″. However, the entry was falsified set to “10.0.0.165/28″, i.e., a wrong network address. This command (issued through NSM) was placed in the config of the SSG:

However, the SSG autocorrected this entry to the correct subnet id, as the “get route” command revealed:

 

The GUI showed the correct destination routing, too:

Juniper ScreenOS autocorrect Route Entry

 

Anyway, I decided to correct the route in the NSM to the right one. 😉

Leave a Reply

Your email address will not be published. Required fields are marked *