Multiple Networks on Trust Interface
(2013 March 7)
If you have an interface defined with two IP addresses on it:
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
address 10.17.0.1/20;
}
}
}
...then you need an explicit trust-to-trust policy to permit traffic to flow between the two subnets:
from-zone trust to-zone trust {
policy trust-to-trust {
match {
source-address any;
destination-address any;
application any;
}
then {
permit;
}
}
}