Multiple Networks on Trust Interface

(2013 March 7)

If you have an interface defined with two IP addresses on it:

    vlan {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
                address 10.17.0.1/20;
            }
        }
    }

...then you need an explicit trust-to-trust policy to permit traffic to flow between the two subnets:

    from-zone trust to-zone trust {
        policy trust-to-trust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
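
A narrower variant of the policy above, added here as an example and not part of the original note: it permits traffic only between the two subnets on the interface instead of matching `any`, and logs the sessions. The address names `lan-192` and `lan-10` and the policy name `lan-to-lan` are hypothetical, and a zone-attached address book is assumed.

```junos
security {
    zones {
        security-zone trust {
            address-book {
                /* hypothetical names for the two subnets on the vlan interface */
                address lan-192 192.168.1.0/24;
                address lan-10 10.17.0.0/20;
            }
        }
    }
    policies {
        from-zone trust to-zone trust {
            /* hypothetical policy name; matches only the two subnets */
            policy lan-to-lan {
                match {
                    source-address [ lan-192 lan-10 ];
                    destination-address [ lan-192 lan-10 ];
                    application any;
                }
                then {
                    permit;
                    log {
                        session-close;
                    }
                }
            }
        }
    }
}
```

Traffic in the trust zone from or to any other address no longer matches this policy and falls through to the device's default policy.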