— Exhibit —
user@host> show log flow.log
Jun 12 20:00:45 host clear-log[ ]: logfile cleared
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:172.23.1.20/2526->10.3.202.56/443;6> matched filter
to_https:
…
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: fe-0/0/6.0:172.23.1.20/2526->10.3.202.56/443, tcp,
flag 2 syn
…
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:check self-traffic on fe-0/0/6.0, in_tunnel 0x0
…
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:flow_first_rule_dst_xlate: DST xlate: 10.3.202.56(443)
to 10.25.0.3(443), rule/pool id 2/2.
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:flow_first_routing: vr_id 0, call flow_route_lookup():
src_ip 172.23.1.20, x_dst_ip 10.25.0.3, in ifp fe-0/0/6.0, out ifp N/A sp 2526, dp 443, ip_proto 6,
tos 0
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:Doing DESTINATION addr route-lookup
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: routed (x_dst_ip 10.25.0.3) from managed (fe-0/0/6.0 in 0) to ge-0/0/1.4093, Next-hop: 10.25.0.3
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:flow_first_policy_search: policy search from zone
managed-> zone trust (0x110,0x9de01bb,0x1bb)
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: app 58, timeout 1800s, curr ageout 20s
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: permitted by policy default-policy-00(2)
…
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:flow_xlate_pak
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: post addr xlation: 172.23.1.20->10.25.0.3.
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: post addr xlation: 172.23.1.20->10.25.0.3.
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:skip pre-frag: is_tunnel_if- 0, is_if_mtu_configured- 0
Jun 12 20:01:10 20:01:10.412643:CID-0:RT:mbuf 0x42344180, exit nh 0xb00010
Jun 12 20:01:10 20:01:10.412643:CID-0:RT: —– flow_process_pkt rc 0x0 (fp rc 0)
— Exhibit –Click the Exhibit button.
You want to allow Web-based management of your SRX Series device through fe-0/0/6.0. This
interface belongs to the managed zone with an IP address of 10.3.202.56. You are unable to open
an HTTPS connection and have enabled traceoptions to troubleshoot the problem.
Referring to the exhibit, what is causing this problem?
A.
The HTTPS protocol is not enabled in the managed zone.
B.
The HTTPS protocol is not enabled in the trust zone.
C.
The lo0 interface is not configured in the managed zone.
D.
The packet was diverted to the wrong zone.
Explanation:
I would suggest answer D is correct
un 12 20:01:10 20:01:10.412643:CID-0:RT:flow_first_policy_search: policy search from zone
managed-> zone trust (0x110,0x9de01bb,0x1bb)