Quantcast
Channel: All SRX Services Gateway posts
Viewing all 17645 articles
Browse latest View live

Re: Default-Route Doesn't show up in Forwarding-instance Routing Table.

December 17, 2016, 8:40 am
$
0
0

I had a policy importing only Public Interface direct/locals into RIB group so that default-route could resolve next-hop but I have removed it. Still no 0/0 route.

 

interface-routes {
rib-group inet LocalISP;
}
static {
route 0.0.0.0/0 next-hop 7.91.187.65;
}

}
rib-groups {
LocalISP {
import-rib [ inet.0 GuestWiFi.inet.0 ];

 

 My goal is to let Guest users go to the local internet directly. Router default-instance has it's default-route pointing internally to a local next-hop. How else can I achive this?

 

Thanks.

Search

Re: SRX550 Firewill Filter Deletion/Timeout Issue via jWeb

December 17, 2016, 6:24 am
$
0
0

thanks for the detail files.  I ran some tests in the lab and here are a couple options.

 

Remove all filters

 

From your screen shot it looks like you might be deleting ALL filters.  If so, you can use this method

 

root@none# edit firewall family inet     

[edit firewall family inet]
root@none# delete 
Delete everything under this level? [yes,no] (no) yes

If you do have filters you need to keep use these to delete just the filters you listed.  Note the key is to stop the delete command at the name of the filter and not include any of the leaf elements as in these examples for each configured filter.

delete firewall family inet filter "Broadcast NetBIOS Echos" 
delete firewall family inet filter "Router to Any" 
delete firewall family inet filter "Lab OPS to/from CAV FW" 
delete firewall family inet filter "Servers - MSN OPS & Lab to CAV/COW OPS"

 

Re: SRX300 - port mirror

December 17, 2016, 9:58 am
$
0
0

Thanks for the reply Steve,

 

I was able to run a packet capture and write to a file which gave me what I was looking for.

 

packet-capture {
    file filename mypacketcapture files 2 size 50000000;
    maximum-capture-size 1500;

 

ge-0/0/0 {
    description to-Comcast;
    unit 0 {
        family inet {
            dhcp-client;
            filter {
                input PCAP;
                output PCAP;
            }
        }

Logging blocked traffic

December 17, 2016, 10:04 am
$
0
0

Hello,

 

I know this comes up a lot... But I'm trying to figure out why I'm not able to see blocked traffic going from untrust to trust. I created a group that applies the following security policy to all my zones. I can see all of the blocked traffic between all my different zones EXCEPT traffic coming from untrust, to trust. I'm using an SRX300 - does anyone have any suggestions?

 

root@srx300# show groups
default-deny-template {
    security {
        policies {
            from-zone <*> to-zone <*> {
                policy defult-deny {
                    match {
                        source-address any;
                        destination-address any;
                        application any;
                    }
                    then {
                        deny;
                        log {
                            session-init;
                        }
                    }

Re: Logging blocked traffic

December 17, 2016, 11:18 am
$
0
0

Hi,

 

Try making an explicit security policy from-zone untrust to-zone trust with the same parameters and see if the logs are getting generated.

Also try to confirm if any traffic is being denied from untrust to trust zone ?

 

This is to isolate if there is something wrong with the logging on these policies.

 

Once you have these results, we can proceed further accordingly.

 

Regards,

Sahil Sharma

---------------------------------------------------

Please mark my solution as accepted if it helped, Kudos are appreciated as well.

Re: SRX240-SMB2-CS-3

December 17, 2016, 11:23 am
$
0
0

Hi,

 

Looks like this is a 3 year subsciption for the UTM and IDP features on the SRX.

 

Please get in touch with your accounts manager or Juniper Sales executive in your area for details on this.

 

Regards,

Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.

Re: custom objects to block bad sites and good sites to allow in srx210 firewall

December 17, 2016, 11:32 am
$
0
0

Hi,

 

I have the following questions for you :-

 

  1. Are you trying to open https sites ?
  2. Is there another security policy from-zone TRUSTto-zoneINTERNET which is present above the policy "trust-internet" in the configuration ?

 

Regards,

Sahil Sharma
---------------------------------------------------
Please mark my solution as accepted if it helped, Kudos are appreciated as well.

Re: integration juniper with cisco

December 17, 2016, 9:31 pm
$
0
0

hi

 

i will try this and i will reply you inmediately

 

thanks

Search

Re: SRX240-SMB2-CS-3

December 18, 2016, 4:27 am

Re: Completely spoofed traffic

December 18, 2016, 9:14 am

SRX 550: (dynamic) VPN issues

December 18, 2016, 9:45 am
$
0
0

Since a couple of weeks/months (complaints only started to get in the last few weeks except for one), we're facing random VPN disconnects.I can't pinpoint it to an exact period/date. We did however upgrade our SRX 550 for better blocking of video streams, so we thought that was the culprit, and we tried to revert everything back to the previously known working vpn config from March. Also downgraded SRX. No solution. ( I'm sure about the config, had a copy of old config and I also compared it with my notes in http://forums.juniper.net/t5/SRX-Services-Gateway/Can-SRX-series-work-with-Shrew-Soft-VPN-client/td-p/76176 ).

 

Anyhow, since ShrewSoft is not officially supported, Juniper asks to try with Pulse Secure. 

I set it up using the instructions below ( credits http://www.mustbegeek.com/configure-dynamic-remote-access-vpn-in-juniper-srx/ ).  Same thing here: VPN connects, but randomly gets disconnected.

 

Step 1. Configure Dynamic VPN Users and IP Address Pool

set access profile Dynamic-XAuth client Jed firewall-user password P@ssw0rd
set access profile Dynamic-XAuth client Steve firewall-user password P@ssw0rd
set access profile Dynamic-XAuth address-assignment pool Dynamic-VPN-Pool
set access address-assignment pool Dynamic-VPN-Pool family inet network 192.168.97.0/24
set access address-assignment pool Dynamic-VPN-Pool family inet xauth-attributes primary-dns 10.1.10.19/32
set access firewall-authentication web-authentication default-profile Dynamic-XAuth

 

 

Step 2. Configure IPSec Phase 1

set security ike proposal Dynamic-VPN-P1-Proposal description "Dynamic P1 Proposal"
set security ike proposal Dynamic-VPN-P1-Proposal authentication-method pre-shared-keys
set security ike proposal Dynamic-VPN-P1-Proposal dh-group group2
set security ike proposal Dynamic-VPN-P1-Proposal authentication-algorithm sha1
set security ike proposal Dynamic-VPN-P1-Proposal encryption-algorithm 3des-cbc
set security ike proposal Dynamic-VPN-P1-Proposal lifetime-seconds 1200
set security ike policy Dynamic-VPN-P2-Policy mode aggressive
set security ike policy Dynamic-VPN-P2-Policy description "Dynamic P2 Policy"
set security ike policy Dynamic-VPN-P2-Policy proposals Dynamic-VPN-P1-Proposal
set security ike policy Dynamic-VPN-P2-Policy pre-shared-key ascii-text test@123
set security ike gateway Dynamic-VPN-P1-Gateway ike-policy Dynamic-VPN-P2-Policy
set security ike gateway Dynamic-VPN-P1-Gateway dynamic hostname vpn.izegem.be
set security ike gateway Dynamic-VPN-P1-Gateway dynamic ike-user-type shared-ike-id
set security ike gateway Dynamic-VPN-P1-Gateway external-interface ge-0/0/0.0
set security ike gateway Dynamic-VPN-P1-Gateway xauth access-profile Dynamic-XAuth

 

 

 

Step 3. Configure IPSec Phase 2

set security ipsec proposal Dynamic-P2-Proposal description Dynamic-VPN-P2-Proposal
set security ipsec proposal Dynamic-P2-Proposal protocol esp
set security ipsec proposal Dynamic-P2-Proposal authentication-algorithm hmac-sha1-96
set security ipsec proposal Dynamic-P2-Proposal encryption-algorithm aes-256-cbc
set security ipsec proposal Dynamic-P2-Proposal lifetime-seconds 3600
set security ipsec policy Dynamic-P2-Policy perfect-forward-secrecy keys group5
set security ipsec policy Dynamic-P2-Policy proposals Dynamic-P2-Proposal
set security ipsec vpn Dynamic-VPN ike gateway Dynamic-VPN-P1-Gateway
set security ipsec vpn Dynamic-VPN ike ipsec-policy Dynamic-P2-Policy
set security ipsec vpn Dynamic-VPN establish-tunnels immediately

 

 

Step 4. Configure Dynamic VPN Parameters

set security dynamic-vpn force-upgrade
set security dynamic-vpn access-profile Dynamic-XAuth
set security dynamic-vpn clients all remote-protected-resources 10.1.10.0/23
set security dynamic-vpn clients all remote-exceptions 0.0.0.0/0
set security dynamic-vpn clients all ipsec-vpn Dynamic-VPN
set security dynamic-vpn clients all user Jed
set security dynamic-vpn clients all user Steve

 

Step 5. Configure Security Policy

set security policies from-zone Internet to-zone Trust policy Dynamic-VPN match source-address any
set security policies from-zone Internet to-zone Trust policy Dynamic-VPN match destination-address any
set security policies from-zone Internet to-zone Trust policy Dynamic-VPN match application any
set security policies from-zone Internet to-zone Trust policy Dynamic-VPN then permit tunnel ipsec-vpn Dynamic-VPN

 

 

Step 6. Verifying IPSec Connection

root@SRX240> show security dynamic-vpn users
root@SRX240> show security dynamic-vpn client version
root@SRX240> show security ike active-peer
root@SRX240> show security ike security-associations
root@SRX240> show security ipsec security-associations

 

 

 

It gets disconnected randomly in both cases (Pulse Secure or the previous config) if I even directly connect a client laptop on an LAN interface of the SRX. (I know my ISP had some issues with VPN with one of their modems, I wanted to exclude that being the cause).

 

With ShrewSoft: internally it stays up much much longer than if I go over the internet. If I connect from home, I sometimes have to try a couple of times, and I get disconnected within 5 minutes.  If I connect my laptop to the router at work which goes to the firewall (so same config, just skipping a whole part), it is more stable but I still get disconnected at random times. Some sort of latency issue?

 

With Pulse: from home, it's more stable, but still disconnects way too quickly. When I do a constant ping, I sometimes see 1 brief time-out (maybe this is what's causing Shrew to disconnect much sooner).

 

When connected, everything seems to work as it should.

 


What should I check, what could still be wrong? Smiley Indifferent

Right now, I'm the only one able to set up a dynamic vpn and connect to it - so let's exclude "concurrent users" as a cause.

 

I already tried setting lifetime to 86400.

 

I have a case logged with Juniper, but it hasn't helped me a single bit at all...

 

 

We also have a working site-to-site vpn.

Re: SRX240-SMB2-CS-3

December 18, 2016, 2:46 pm
$
0
0

Hi,

 

I cannot find SRX240-SMB2-CS-3 in the latest price list from juniper. Only the 1 year SKU as you already mentioned.

 

SRX240-SMB4-CS-3 is present though with the same list price so it should cover your needs.

(more specific: SRX240-SMB2-CS and SRX240-SMB4-CS has the same list price and I expect multiyear discounts to be the same).

 

I think SMB4 is the way to go - or look at a hardware refresh as the content security subscriptions are way cheaper on the new SRX300 series firewalls.

 

Eg. 3 years of content security bundle for SRX340 (SRX340-CS-BUN-3) has a list price of 2.700 USD. That's 74 USD cheaper than only oneyear for the SRX240 (SRX240-SMB4-CS-1). That can rather quickly justify new hardware :-)

Re: VPN Passthrough SRX

December 19, 2016, 6:55 am
$
0
0

I think it's definitely an issue our end and I still haven't solved it Smiley Sad

 

This is what i get from Wireshark, if anyone can shed any light id be thankful

 

http://imgur.com/a/MFEvL

 

Re: SRX 550: (dynamic) VPN issues

December 19, 2016, 5:18 am
$
0
0

Seems like it's okay internally now... some time and restart web-management seem to do the trick.

 

 

Also, is this true?  "As an FYI for planning, the dynamic VPN feature for connecting to the SRX from the Pulse Secure client will be deprecated in an upcoming release. ". I read it on a forum somewhere. What's the alternative? Smiley Indifferent

Re: SRX SIP packets doesnt flow, instead ICMP

December 19, 2016, 6:31 am
$
0
0

I configure flow trace

[edit security flow]
noc@j240-1# show 
traceoptions {
    file dataflow.log size 10k files 2;
    flag basic-datapath;
    packet-filter pbx {
        source-prefix 192.168.77.122/32;
        destination-prefix 10.3.7.82/32;
    }
    packet-filter pbxReverse {
        source-prefix 10.3.7.82/32;
    }
}
noc@j240-1# run show log dataflow.log    
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  permitted by policy internet-access(4)
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  packet passed, Permitted by policy.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate:  nat_src_xlated: False, nat_src_xlate_failed: False
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate:  incoming src port is : 46698.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_src_xlate: src nat returns status: 1, rule/pool id: 1/32773, pst_nat: True.
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:flow_first_pst_nat_xlate: pst nat binding found
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:  choose interface vlan.100(P2P) as outgoing phy if
Dec 19 11:18:08 11:18:08.465293:CID-0:RT:is_loop_pak: No loop: on ifp: vlan.100, addr: 10.3.7.82, rtt_idx:0
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:-jsf : Alloc sess plugin info for session 249108252790
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]Normal interest check. regd plugins 28, enabled impl mask 0x0
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:+++++++++++jsf_test_plugin_data_evh: 3
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(26)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF] set ext handle 0x4b9c5b50 for plugin 26 on session 249108252790
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(12)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT: Allocating plugin info block for plugin(31)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]Plugins(0x84001000, count 3) enabled for session = 249108252790, impli mask(0xc), post_nat cnt 0 svc req(0x5)
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]c2s order list:
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               12
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               26
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               31
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:[JSF]s2c order list:
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               31
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               26
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:               12
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:  service lookup identified service 63.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:  flow_first_final_check: in <ge-0/0/15.0>, out <vlan.100>
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:natp(0x59c8a318): no tcp sequence check(0x00000000) as 0x00010000.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:flow_first_final_check: flow_set_xlate_vector.
Dec 19 11:18:08 11:18:08.465786:CID-0:RT:In flow_first_complete_session
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_first_complete_session: pak_ptr is xlated packet
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_first_complete_session, pak_ptr: 0x51e331b0, nsp: 0x59c8a318, in_tunnel: 0x0
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:construct v4 vector for nsp2
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  existing vector list 0x9082-0x4b9d38e8.
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  Session (id:149622) created for first pak 9082
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:first pak processing successful
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  flow_first_install_session======> 0x59c8a318
Dec 19 11:18:09 11:18:08.465786:CID-0:RT: nsp 0x59c8a318, nsp2 0x59c8a3a8
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  make_nsp_ready_no_resolve()
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:flow_ipv4_rt_lkup success 192.168.77.122, iifl 0x58, oifl 0x58
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  route lookup: dest-ip 192.168.77.122 orig ifp ge-0/0/15.0 output_ifp ge-0/0/15.0 orig-zone 6 out-zone 6 vsd 0
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:  route to 10.2.0.250
Dec 19 11:18:09 11:18:08.465786:CID-0:RT:Doing jsf sess create notify
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set ext handle 0x49a684d8 for plugin 12 on session 249108252790
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a2fd0 for plugin 12
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 12. rc 0
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a33c0 for plugin 26
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 26. rc 3
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set ext handle 0x49a65d78 for plugin 31 on session 249108252790
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:[JSF] set strm buf 0x498a2e80 for plugin 31
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:-jsf create notify: plugin id 31. rc 0
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:no need update ha
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Installing c2s NP session wing
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Installing s2c NP session wing
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:first path session installation succeeded
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:Fwd packet with rtbl idx 0, cos 0, rl 8865360
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:flow_sess_reinject_pkt_for_sz_common:SPU reinject pkt for sz
Dec 19 11:18:09 11:18:08.466278:CID-0:RT:  flow need to reinject pkt.
Dec 19 11:18:09 11:18:08.466278:CID-0:RT: ----- flow_process_pkt rc 0x11 (fp rc 7)
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:SPU received an event,type SESS_MSG_FLUSHED_PAK, common:3
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:Rcv packet with rtbl idx 0, cos 0, rl 8865360
Dec 19 11:18:09 11:18:08.466495:CID-0:RT:SPU processing spu_flushed_pak, flag: 0x2, mbuf:0x0x43b87800
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:<192.168.77.122/46698->10.3.7.82/5060;6> matched filter pbx:
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:packet [60] ipid = 47538, @0x43b87a1c
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:---- flow_process_pkt: (thd 2): flow_ctxt type 21, common flag 0x803, mbuf 0x43b87800, rtbl_idx = 0
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:flow process pak, mbuf 0x43b87800, ifl 0, ctxt_type 21 inq type 6
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:change ifl to 0x58
Dec 19 11:18:09 11:18:08.466624:CID-0:RT: in_ifp <trust:ge-0/0/15.0>
Dec 19 11:18:09 11:18:08.466624:CID-0:RT: setting SZ flag in lpak 0x51e32f30, mbuf 0x43b87800, sess id 0x24876
Dec 19 11:18:09 11:18:08.466624:CID-0:RT:setting rtt to:0x609d7720 based on VR ID:0 carried over in flow ctxt,  proto 2(ipv4)
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:flow_process_pkt_exception: setting rtt in lpak to 0x609d7720
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:host inq check inq_type 0x6
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:  flow session id 149622
Dec 19 11:18:09 11:18:08.466769:CID-0:RT: vector bits 0x9082 vector 0x4b9d38e8
Dec 19 11:18:09 11:18:08.466769:CID-0:RT:flow_tcp_wsf_update: wsf 7
Dec 19 11:18:09 11:18:08.466769:CID-0:RT: ****jsf svc chain: sess id 149622, dir 1, nat_done 0, pak pid 0, first pid 12
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: plugin name junos-tcp-svr-emul. action JSF_SESSION_ACTION_NONE, stbuf 0x498a2fd0
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: jsf resume sess id 149622, direction 1
Dec 19 11:18:09 11:18:08.466846:CID-0:RT:PKT-PROC for plugin junos-tcp-svr-emul jbuf 0x5d51cfe8, sess jsf flags 0x0, rc 9
Dec 19 11:18:09 11:18:08.466846:CID-0:RT: begin walk strm chain: sess id 149622, dir 1
Dec 19 11:18:09 11:18:08.466846:CID-0:RT:  walk: pid 12, prev stbuf 0x0, curr stbuf 0x498a2fd0, ignore 0
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  walk: pid 26, prev stbuf 0x498a2fd0, curr stbuf 0x498a33c0, ignore 0
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  Moved 0 bytes, rc=102. Prev tx empty[1], Curr Rx Empty[0], resume reqd[1]
Dec 19 11:18:09 11:18:08.466945:CID-0:RT:  walk: pid 31, prev stbuf 0x498a33c0, curr stbuf 0x498a2e80, ignore 0
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:  Moved 0 bytes, rc=102. Prev tx empty[1], Curr Rx Empty[1], resume reqd[1]
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:  total bytes moved 0, resume reqd 1
Dec 19 11:18:09 11:18:08.467013:CID-0:RT: after stream walk jb 0x5d51cfe8, rc 9, ctx.jb 0x0
Dec 19 11:18:09 11:18:08.467013:CID-0:RT:flow_process_pkt_exception: Freeing lpak 0x51e32f30 associated with mbuf 0x43b87800
Dec 19 11:18:09 11:18:08.467013:CID-0:RT: ----- flow_process_pkt rc 0x7 (fp rc 0)
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:jsf sess close notify
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:flow_ipv4_del_flow: sess 149622, in hash 32
Dec 19 11:18:28 11:18:27.948476:CID-0:RT:flow_ipv4_del_flow: sess 149622, in hash 32
Dec 19 11:18:29 11:18:29.949631:CID-0:RT:jsf sess destroy notify
Dec 19 11:18:29 11:18:29.949631:CID-0:RT:[JSF] set strm buf 0x0 for plugin 12
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set strm buf 0x0 for plugin 26
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set ext handle 0x0 for plugin 26 on session 249108252790
Dec 19 11:18:29 11:18:29.950131:CID-0:RT:[JSF] set strm buf 0x0 for plugin 31

It look like packet goes not to untrust zone, right?

Search

Re: DHCP lease time not being respected

December 19, 2016, 7:38 am
$
0
0

is it possible to have it in code form as i posted above?

 

Thanks

how do i download latest juniper pulse(now pulsesecure) vpn client

December 19, 2016, 7:45 am
$
0
0

I am currently on Junos Pulse (Pulse Secure) 5.1 and need to upgrade to the latest i believe 5.3 but with this new company called pulse secure, its like they make things ten times difficult just to download a VPN client software

 

Please help, because i need it since am on Mac Sierra and i need the latest vpn client to work

Re: how do i download latest juniper pulse(now pulsesecure) vpn client

December 19, 2016, 7:52 am
$
0
0

Actually finally figured it out; i have to give out information to get download link

Fair enough

 

Thanks

 

[CLOSE THREAD]

Re: Default-Route Doesn't show up in Forwarding-instance Routing Table.

December 19, 2016, 7:57 am
$
0
0

This is my current gateway to the internet and it's working. I wasnt to add another default-route for the inet.0 and reserve this one just for Guests.

So ge-0/0/8 is up and working.

Thanks.

Re: SRX SIP packets doesnt flow, instead ICMP

December 19, 2016, 9:59 am
$
0
0

I would check your routing table to make sure the routing is correct.

Viewing all 17645 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>