Re: Port mirroring on a SRX430
Hello, I noticed that I made a mistake in the subject.It should be SRX340
View ArticleJN0-334 exam
hi allgot my exam this week any last minute study material pls do let me know
View ArticleDoes existing sessions timeout if the policy for the same is deleted
I have an application which continues to send traffic between the source and destination as long as the current session is not interrupted. This application was running using an any any rule between 2...
View ArticleRe: Does existing sessions timeout if the policy for the same is deleted
To solve this you have to enable "policy-rematch" under security policies... otherwise existing sessions are kept open until they time out. Enabling policy-rematch existing sessions will be reevaluated...
View ArticleNeed help setting up 2 VPNs on same interface
srx-345 with Junos 15.1X49-D170.4 I have a setup with a VPN tunnel on the external interface (ge-0/0/8.0). This is working fine. Now I want to setup a second tunnel to a different customer. I created...
View ArticleBetreff: Unable to SSH or SFTP to fxp0 interface
Turned out to be a filter on the Loopback.
View ArticleSRX240 H2 POE - Chassis control not running
Howdy, I see this has come up a few times in the past, and some have had success following the previously documented steps, but I have not. This is an eBay purchased device and was supposed kick off my...
View ArticleRe: SRX240 H2 POE - Chassis control not running
Hi, Do u already try reformat/reinstall that box? Thanks
View ArticleRe: SRX240 H2 POE - Chassis control not running
wrote:Do u already try reformat/reinstall that box? Hi, I believe so. I've done both the 'request system zeroize media' and also 'request system software add ... ', if those are the steps you are...
View ArticleRe: Need help setting up 2 VPNs on same interface
The problem is solved. Remote site used IKEv1 and there is a chance of race conditions that might lead to using the wrong gateway if one vpn is dynamic and the other isn't. I was told so by Juniper...
View ArticleRe: Does existing sessions timeout if the policy for the same is deleted
@jonashauge Its seems delete policy operation will make sure that existing sessions are re-checked under all scenarios whereas policy re-match will be beneficial for session rechecking when any...
View ArticleRe: J-Web Adobe Flash Dependency
And Microsoft plans to remove Flash... https://www.zdnet.com/article/new-windows-10-update-permanently-removes-adobe-flash/ It urgently needs some attention despite the fact that the CLI is still the...
View ArticleSRX 240H - Getting ip addresses only from DHCP (binding static) - others not
Hi, I'm newby and I'm learning all the time 🙂 I have the SRX 240H. Is it possible to somehow set DHPC - to provide ONLY addresses entered in Static Bindings.Scenario - there are Access Points (WIFI) on...
View ArticleRe: SRX 240H - Getting ip addresses only from DHCP (binding static) - others not
If you restrict your range to only the addresses you manually specify then you will have achieved your desired result. access { address-assignment { pool wireless-pool { family inet { network...
View ArticleSRX240H - WIFI - One vlan for several subnets
I have the SRX 240H. I would like to create one WIFI vlan, access points will be connected to it. But that students and staff and teachers will connect via wifi - I would like to separate it somehow...
View ArticleRe: SRX240H - WIFI - One vlan for several subnets
Hello, From my POV you are overcomplicating the situation, by trying to combine, what should be separated. The SRX is a switch/router and FW, so I would create the individual VLANs per Department. Zone...
View ArticleRe: SRX240H - WIFI - One vlan for several subnets
OK. Maybe you're right.Scenario: SRX--swich--APAnd how to transfer all these VLANS to Acess Points - I have UNIFI UBIQUITI LR + UBI KEY controller, I do not know if they will accept TRUNK - because...
View ArticleRe: SRX240H - WIFI - One vlan for several subnets
Unless it is: https://forums.juniper.net/t5/Junos/SRX320-multiple-VLANs-on-same-physical-interface-1-untagged-2/td-p/299632 But I don't know if multiple VLANs on the same physical interface can be...
View ArticleRe: Setting an ipsec tunnel to responder only?
"responder-only", see https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/security-edit-vpn.html
View ArticleSRX240H - irb or multiple vlans
Hello, I'm a newbe and I'm just starting my adventure with SRX`s;) My hard: SRX 240H (JUNOS Software Release [12.1X44-D40.2]I would like to set up several subvilans or subnets on one physical...
View ArticleRe: SRX240H - WIFI - One vlan for several subnets
Hello, Ok, now the picture looks better. So step by step.1. You do not need to have WIFI point to be able to handle VLANs, you have switch in between.The Switch will do this job it will have:a)....
View ArticleRe: SRX240H - irb or multiple vlans
Hello,I think it was answered already under https://forums.juniper.net/t5/SRX-Services-Gateway/SRX240H-WIFI-One-vlan-for-several-subnets/td-p/482352 BR,Andrei
View ArticleJuniper Configurator and Quote Tool
Hi Juniper Team, Where can I ask for a feature upgrade regarding our Juniper Configurator and Quote Tool?The tool straightforward for us to navigate. However, the tool is quite some time consuming as...
View ArticleSRX-JE VS SRX-JB
Hello,I can see that the SRX- SYS - JE includes Application security , so my question is what will be the benefit of this as the premium flex license includes this and the advanced one as well !
View ArticleRe: SRX-JE VS SRX-JB
The SRX-SYS-JE SKUs only provides a perpetual license for Application security which is also included in the flex subscriptions (both A1, A2, A3, P1, P2 and P3) - so if you need flex subscriptions...
View ArticleRe: Juniper Configurator and Quote Tool
You can start by sending your inputs to EMEA-Channel-Support-Configurator@juniper.net - they should be able to pass the request to the right people. Secondly; I'm a part of the technical advisory board...
View ArticleRe: upRe: SRX1500 || Control Link em1 is not coming Up whereas em0 seems fine.
Can anyone help into it, please ?
View ArticleRe: SRX-JE VS SRX-JB
Thanks jonashauge for the clarification ..Is there any announcement for its end of life ?
View ArticleRe: upRe: SRX1500 || Control Link em1 is not coming Up whereas em0 seems fine.
An SRX1500 cluster does not have an em1 interface. https://www.juniper.net/documentation/en_US/junos/topics/reference/general/chassis-cluster-srx-series-node-interface-understanding.html
View ArticleSRX240H - mrtg monitoring bandwidth
Hi, Can I do bandwidth monitoring on SRX (like mrtg in Linux) like something like this.I know SRX has its own web server as well. Or maybe it can make SMNP packets available to the monitoring server...
View ArticleRe: 10 maximum source-address in policy match
Hi, What should i do, when i need to permit ssh access to 20nos of random ip's from a huge segment.And deny everything else. set security policies from-zone trust to-zone srv-frm policy...
View ArticleSRX345 lockdown aleatory
Hi to all,I have a customer who has an SRX345 box.Sometimes the device get frezzed an becomes inaccesible via icmp, web, etc... The device doesn't answer to any traffic via any interface and the...
View ArticleRe: SRX-JE VS SRX-JB
The SYS-JE SKUs are not announced end of life yet so can still be purchased - as stated this is my subjective expectation as it doesn't make sense to have the SYS-JE SKU as it's more expensive than...
View ArticleRe: SRX Remote syslog tls
Hi Jonas,From a certificate perspective, do i need to add:set security pki ca-profile tls-syslog ca-identity "Syslog TLS" set security pki ca-profile tls-syslog revocation-check disable set services...
View ArticleRe: SRX345 lockdown aleatory
The best suggestion from my side would be to have somebody log on the device via serial console to figure out if the device is actually responding there.. and secondly looking at cpu load, interface...
View ArticleThird Party SecIntel Feed - Microsoft Updates
Hello, Regarding information from the Juniper documentation on SecIntel feeds https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html Does...
View ArticleAre security profile mandatory for user logical system
I want to know if we create multiple user logical systems in SRX4100 then is it must to define security profile for each user logical systems as well as for master logical logical.What will happen if i...
View ArticleSrx 5400 how to restore from usb
Hello Long story short, srx 5400 crashed and went into boot loop. I took working snapshot to usb from another 5400 and booted faulty srx with usb, seems ok. But question is, how can i get content from...
View ArticleRe: Srx 5400 how to restore from usb
If you have managed to boot your SRX5400 via the snapshot, I would just do a reinstall of the Junos image to properly write the software to the compact flash. Just download the install package, do...
View Articleerror: usp_ipc_client_recv: failed to read message from ipc pipe
Hi Does this message the same as issue described in this article?https://kb.juniper.net/InfoCenter/index?page=content&id=KB23977&cat=SRX_5800_1&actp=LIST admin@MY-FW> show security flow...
View ArticleRe: error: usp_ipc_client_recv: failed to read message from ipc pipe
I agree it seems to match the kb but the article is not very helpful in trying to see why it can occur for reasons that require action. Seems like it might be harmless and might not but they don't give...
View Article(DUP!) ping response when pinging cCTV
We have a juniper router onsite and when pinging a cctv at site we are seeing below: execute ping 10.112.34.20PING 10.112.34.20 (10.112.34.20): 56 data bytes64 bytes from 10.112.34.20: icmp_seq=0...
View ArticleRe: (DUP!) ping response when pinging cCTV
Hello There could be a number of reasons:...
View ArticleProblem with DHCP
Good afternoon!I have Juniper SRX220H, recently started a problem like this:Inside the local network, passive ftp sessions suddenly ceased to take place, although all protocols are allowed in...
View ArticleRe: Srx 5400 how to restore from usb
Tryed that but it returned error: /usr/libexec/ui/downgrade: the bootstrap installer is missing... Is it possible to verify that the CF card is actualy working ok ? Egert
View ArticleRe: Problem with DHCP
To troubleshoot dhcp please enable trace options for dhcp server as outlined here. https://kb.juniper.net/InfoCenter/index?page=content&id=KB26748 Then pull the logs from the generated file.
View ArticleRe: (DUP!) ping response when pinging cCTV
If there is only one device with that ip address then you likely have a layer 2 loop in this broadcast domain.
View ArticleHow to delete arp record
Hi How to remove static ARP entry from SRX650 Appreciate you helpThanks
View ArticleRe: How to delete arp record
These are configured in one of two waysstatic entriesproxy arp You would remove static entries under the interface configuration...
View Article