Juniper SRX – Commit Errors


KB ID 0000999 Dtd 18/09/14


WARNING: This article is not intended to cover every problem that will stop you committing the firewall config. It just serves to document problems I've encountered, and how I overcame them.

Juniper SRX 240


I came across the following two problems whilst attempting to set up a 'chassis cluster'. Both were related to configuration existing on interfaces that I wanted to use as Reth interfaces. Essentially, I didn't delete ALL the settings for these interfaces before I started configuring clustering.

Problem 1

root# commit
[edit security zones security-zone untrust]
  'interfaces ge-0/0/0.0'
    Interface ge-0/0/0.0 must be configured under interfaces
error: configuration check-out failed

This was because ge-0/0/0 was automatically converted to fxp0 (which is the management interface). The error is telling me that the physical interface is part of the 'untrust' zone, so I need to remove that.

{hold:node0}[edit]
root# delete security zones security-zone untrust interfaces ge-0/0/0.0

Now it let me commit the configuration.

{hold:node0}[edit]
root# commit
node0:
commit complete

{hold:node0}[edit]
root#

Problem 2

root@FWA# commit
[edit interfaces ge-0/0/4 gigether-options]
  'redundant-parent'
    Logical unit is not allowed on redundant-ethernet member
error: commit failed: (statements constraint check failed)

This was because ge-0/0/0, which was part of Reth0 (my outside-facing redundant interface), had some configuration on it that shouldn't be there. To find out what, I needed to search the configuration.

{primary:node0}[edit]
root@FWA# show | display set | match ge-0/0/4
set interfaces ge-0/0/4 gigether-options redundant-parent reth0
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust

The first setting tells me it's part of Reth0, which is good, but the second one should not be there. I could just delete that one, but I'll simply delete all configuration for that interface, then add the correct line back like so:

{primary:node0}[edit]
root@FWA# delete interfaces ge-0/0/4

{primary:node0}[edit]
root@FWA# set interfaces ge-0/0/4 gigether-options redundant-parent reth0

Now it let me commit the configuration.

{hold:node0}[edit]
root# commit
node0:
commit complete

{hold:node0}[edit]
root#
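
An added example (not part of the original article): a small Python check that scans `show | display set` output for the two conditions behind the errors above, so leftover interface settings can be spotted before `commit`. The function name `lint` and the sample configuration are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `show | display set` output (not from a real device).
SAMPLE = """\
set interfaces ge-0/0/4 gigether-options redundant-parent reth0
set interfaces ge-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces ge-0/0/5 gigether-options redundant-parent reth1
set interfaces reth0 unit 0 family inet address 192.0.2.1/24
set security zones security-zone untrust interfaces ge-0/0/0.0
set security zones security-zone untrust interfaces reth0.0
"""

IFACE = re.compile(r"^set interfaces (\S+) (.*)$")
ZONE = re.compile(r"^set security zones security-zone (\S+) interfaces (\S+)")
PARENT = re.compile(r"\S+-options redundant-parent (\S+)")
UNIT = re.compile(r"unit (\d+)")

def lint(display_set):
    """Return findings matching the two commit errors described above."""
    reth_members = {}          # physical interface -> reth parent
    units = defaultdict(set)   # interface -> unit numbers configured on it
    zone_refs = set()          # (zone, logical interface) pairs
    for line in display_set.splitlines():
        line = line.strip()
        if m := IFACE.match(line):
            name, rest = m.groups()
            if p := PARENT.match(rest):
                reth_members[name] = p.group(1)
            elif u := UNIT.match(rest):
                units[name].add(u.group(1))
        elif m := ZONE.match(line):
            zone_refs.add(m.groups())
    findings = []
    # Problem 2: a reth member must not carry logical units of its own.
    for name, parent in sorted(reth_members.items()):
        for unit in sorted(units.get(name, ())):
            findings.append(f"{name}: unit {unit} configured on member of {parent}")
    # Problem 1: a zone may only reference logical interfaces that exist.
    for zone, ifl in sorted(zone_refs):
        name, _, unit = ifl.partition(".")
        if ifl != "all" and unit not in units.get(name, ()):
            findings.append(f"zone {zone}: {ifl} is not configured under interfaces")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

Paste the device's own `show | display set` output in place of the sample; an empty result means neither condition was found.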



Author: Migrated
