POLICY NOT WORKS IN 6900

[sokocul_123]

Dear Alcatel team, kindly need ur help for my configuration :

policy service ALL-TCP protocol 6 destination ip-port 10000
policy network group ACS 192.168.60.0 mask 255.255.255.0
policy network group BAS 192.168.70.0 mask 255.255.255.0
policy network group BM-MGMT 192.168.200.0 mask 255.255.255.0
policy network group CCTV 192.168.40.0 mask 255.255.255.0 192.168.50.0 mask 255.255.255.0
policy network group IPTV 192.168.40.0 mask 255.255.255.0
policy network group IT-MGMT 192.168.100.0 mask 255.255.255.0
policy network group LAN-USER 192.168.10.0 mask 255.255.255.0
policy network group SOUNDSYSTEM 192.168.80.0 mask 255.255.255.0
policy network group VOICE 192.168.90.0 mask 255.255.255.0
policy network group WIFI-EMPLOYEE 192.168.20.0 mask 255.255.255.0
policy network group WIFI-GUEST 192.168.30.0 mask 255.255.255.0
policy condition ITMGMT-TO-LANUSER source network group IT-MGMT destination network group LAN-USER
policy condition ITMGMT-TO-IPTV source network group IT-MGMT destination network group IPTV service ALL-TCP vrf default
policy action PERMIT
policy action DENY disposition deny
policy action DROP disposition drop
policy action deny disposition deny priority 5
qos apply



-> show policy rule
Rule name : DENY-ITMGMT-TO-IPTV
State = new,
Precedence = 200,
Condition name = ITMGMT-TO-IPTV,
Action name = DENY



fyi : my dhcp server in internal switch 6900 and use static routing to internet via juniper SRX. i configure in SRX to routing every single network group via ip mgmt gateway 192.168.100.1


IDK why network group IT-MGMT still can do ping to network group IPTV.

[silvio]

Where in your config is the rule?
please post:
> show active policy rule