Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?




Hierarchy Level

[edit security zones security-zone zone-name]


Reroute the reverse traffic when there is a link switch for the incoming traffic.

When you configure the enable-reverse-reroute option for a security zone, then the packets of each session that has been initiated from the zone are checked for the change in the incoming interface. When an incoming packet arrives on an interface that is different from the one cached in session, the route lookup is performed for the reverse path, and the preference is given to the interface on which the packet has arrived when there are ECMP routes available to the source. Ensure that when you configure enable-reverse-reroute option, the new interface on which packets arrive must be part of the same zone as the earlier interface.

You can enable reverse rerouting in hub-and-spoke deployments, where a spoke device uses APBR to re-route the traffic based on the dynamic applications. In such cases reverse re-route can be used on hub device to correctly re-route the reverse traffic.

Required Privilege Level

services—To view this statement in the configuration.

services-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 15.1X49-D123.