KB ID 0000999
Problem
WARNING: This article is not to cover every problem that will stop you committing the firewall config. It just serves to document problems I’ve encountered, and I how I overcame them.
Solution
I came across the following two problems whilst attempting to setup a ‘chassis cluster‘. both were related to configuration existing on interfaces that I wanted to use as Reth interfaces. essentially I didn’t delete ALL the settings for these interfaces before I started configuring clustering.
Problem 1
This was because ge-0/0/0 was automatically converted to fxp0, (which is the management interface). The error is telling me that that physical interface is part of the ‘untrust’ zone, so I need to remove that.
Now it let me commit the configuration.
{hold:node0}[edit] root#
Problem 2
This was because ge-0/0/0 was part of Reth0, (which was my outside facing redundant interface), had some configuration on it that shouldn’t be there, to find out what I needed to search the configuration.
The first setting tells me its part of Reth0, which is good, but the second one should not be there. I could just delete that one, but I’ll simply delete all configuration for that interface, then add the correct line back like so;
{primary:node0}[edit] root@FWA# set ge-0/0/4 gigether-options redundant-parent reth0
Now it let me commit the configuration.
{hold:node0}[edit] root#
Related Articles, References, Credits, or External Links
NA