About chtoh82

Hi @lychiang  thanks for answer, however it is quite weird that not all merged rules appeared at the bottom of the ruleset but only a few of them. ... View more

Hi, sorry to bring this thread up as I happened to came across  when searching for a solution to my issue.    So, I have a setup as below, I'm having 2 VSYS with overlapping subnet (Network A and B) in the trust interface, however, I also added secondary subnets in that same interface, however, this time, the secondary subnets are non overlapping.    What I did next was, from each VSYS A and VSYS B,  configured Source NAT from Trust to External Zone, translated IP as the secondary subnet interface IP (ie 192.168.3.1 and 192.168.4.1 for VSYS A and B respectively), to reach out to a server in the untrust subnet located in the Main VSYS.   I also have routing configured respectively, as you can see from the diagram, however, I could not reach to the untrust subnet from both VSYS A and B.    Session browser showed connected sessions from both VSYS A and B trust zones to the Main VSYS untrust zones, with correct source and destination addresses with NAT-ed IP as well.   The following counter global were observed: Session setup: no destination zone from forwarding Packets dropped: no route   These counters indicated there there were no routing or routing was incorrect, however, fib route lookup from both VSYS A and B to Main VSYS  to destination in untrust zone in main VSYS was successful.  Route lookup from Main VSYS to VSYS A and B to destination of Source NAT-ed IP (192.168.3.1 and 4.1) was successful as well.   Therefore, could anyone verified if SourceNAT is supported in such intervsys routing design?   ... View more

Hello, thanks for the reply. I've contacted the email aliase. Apologies, I couldn't provided the screen os config as it is confidential to the customer. Thanks!  ... View more

Got it resolved, the xpath is incorrect. The correct one should be /config/devices/entry[@name='localhost.localdomain']/vsys/entry[@name='vsys1']/profiles/hip-objects/entry[@name='patch-mgt'] ... View more

Will do, thanks! ... View more

I think i partially solved it by adding another anchor at the back,   blaabla[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]blaaa     Thank case, it needs to match exactly to 10 characters, however, not sure if  there is a way to make it into a range of from 1 to 10 characters.. ... View more

Thanks for the advice, i tried this:   blaabla[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]   it matches to any alphanumeric that has 10 chracters and above, however, my use case is to limit it to only 10 characters, can this be done? ... View more

If i am trying to create a regex that match any 10 alplanumeric characters whenever i see an 7 byte anchor, example:   whenever i sees blablaa, i want to also match the 10 alphanumeric characters following it, how would the regex looks?   had tried the following,   (blablaa).*(.([A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9]).).* (blablaa).*(.([A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9]).) (blablaa)([A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9])   what i noticed is that it is matching no matter how many alphanumeric characters following it. ... View more