I am going to make this as short as possible. I purchased an SRX300 to replace my SRX100 firewall. The one thing I noticed right out of the box was that each interface was a routed interface, unlike the older branch models (SRX1xy, SRX2xy, etc.), where the ports were in switching mode.
Also, the JunOS version is at 15.1X49-D45. In my case, I need these ports to do switching and not routing. Therefore, I went ahead and modified my SRX100 config to match the new SRX300. When I committed, the box barked at me, stating something along these lines.
from-zone (trust) and to-zone (untrust) must be both L2 or L3 zones.
error: configuration check-out failed
I had no idea what it meant, so I removed my security policies and tried to commit again, and then I got this. It makes sense because the newer boxes now use irb interfaces instead of vlan.
error: l3-interface: 'vlan.11': Only IRB interface is supported, e.g. irb.10
I replaced all vlan interfaces with irb interfaces, ran commit check, and then I got this.
error: interface-unit: 'irb.11': This interface cannot be configured in a zone
error: statement creation failed: irb.11
At this point, I had no idea what was happening. The box was not letting me commit. Therefore, I fired up Chrome and went to the Juniper release notes page for the 15.1X49-D45 that I currently have. I scrolled down to page 10, the layer 2 features, and found these paragraphs.
Support for enhanced Layer 2 transparent bridge mode and switching mode—Starting with Junos OS Release 15.1X49-D40, the enhanced Layer 2 transparent bridge mode and switching mode features are supported on SRX300, SRX320, SRX340, SRX345, and SRX550M devices.
Use the set protocols l2-learning global-mode (transparent-bridge | switching) command to switch between the Layer 2 transparent bridge mode and switching mode. After switching the mode, you must reboot the device for the configuration to take effect. The layer 2 protocols supported in switching mode is Link Aggregation Control Protocol (LACP).
• LACP is not supported on SRX300 and SRX320 devices.
• LACP is not supported in transparent bridge mode.
The command set protocols l2-learning global-mode switching is the answer to my problems. However, it does not support LACP. I checked the newer versions’ release notes and found that the newer JunOS versions support LACP. I upgraded the SRX300 and used the mentioned command. Everything works.
Oh! Before I forget, the set protocols l2-learning global-mode command will require you to reboot the SRX.
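The migration described above, written out as set commands. This is an added example, not taken from the original post or from Juniper documentation. The VLAN name vlan-trust, VLAN ID 11, the port names fe-0/0/1 and ge-0/0/1, and the address 192.0.2.1/24 are assumptions chosen to match the vlan.11 / irb.11 units in the error messages.

```junos
# Constructed example: names, VLAN ID, ports and address are assumptions.

# --- SRX100, legacy syntax (shown commented out for comparison) ---
# The Layer 3 interface for the VLAN is vlan.11, and that unit sits in the zone.
# set vlans vlan-trust vlan-id 11
# set vlans vlan-trust l3-interface vlan.11
# set interfaces vlan unit 11 family inet address 192.0.2.1/24
# set interfaces fe-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust
# set security zones security-zone trust interfaces vlan.11

# --- SRX300 equivalent ---
# 1. Put the device in switching mode. Per the release notes quoted above,
#    the mode change only takes effect after a reboot.
set protocols l2-learning global-mode switching

# 2. A unit cannot be both routed and switched. If the port still carries
#    a routed (family inet) config, remove it before making it a switch port.
delete interfaces ge-0/0/1 unit 0 family inet

# 3. Switch port as an access member of the VLAN.
set interfaces ge-0/0/1 unit 0 family ethernet-switching interface-mode access
set interfaces ge-0/0/1 unit 0 family ethernet-switching vlan members vlan-trust

# 4. The VLAN's Layer 3 interface is now irb.11 instead of vlan.11
#    (fixes: "Only IRB interface is supported, e.g. irb.10").
set vlans vlan-trust vlan-id 11
set vlans vlan-trust l3-interface irb.11
set interfaces irb unit 11 family inet address 192.0.2.1/24

# 5. The security zone references irb.11. In the post, this statement was
#    rejected ("This interface cannot be configured in a zone") until
#    global-mode switching was configured.
set security zones security-zone trust interfaces irb.11

# 6. Any remaining references to vlan.11 (DHCP, host-inbound-traffic, and so
#    on) need the same rename before the commit check passes.
```

Run commit check after pasting, then commit and reboot so the global-mode change applies.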