# A zone named management on a Juniper SRX

*August 20, 2013* — https://jade.wtf/tech-notes/srx-management-zone/

Tags: Juniper, SRX, Firewall

---


TL;DR: Don't name a zone "management" on a Juniper SRX (11.4R7.5).

One of my on-again, off-again projects involves moving a datacenter management network with devices on public IP space with ACLs for protection to private IP space with a zone-based firewall (Juniper SRX240).

When I last touched it I ran into a problem where one zone would not pass traffic even though it had identical rules to a different zone that worked. It happens that the zone that didn't work was named "management".

Earlier today I was browsing around and found [an article that mentioned the management functional zone](http://answers.oreilly.com/topic/2008-how-to-configure-a-junos-device/), which got me wondering if there was something special with naming a zone "management".
I thought that didn't make sense since the functionality comes from the functional-zone tag, not the zone name. Cue more unsuccessful searching for any mention of reserved zone names. Eventually I decided to just rename the zone and see what happened. One quick rename statement and "management" became "dcn-mgmt" and everything started to work.

What?

Then I came across [a post to J-NSP](https://puck.nether.net/pipermail/juniper-nsp/2012-November/024606.html) that mentions management being a reserved keyword for zones. Oh. _That explains it._

---

© 2013 Jade Angrboða.
