
SRX300 - internet ping okay, website access not possible


Hello,

 

I'm facing a strange issue. Our SRX300 is the firewall in front of our router and connected to the internet. The firewall can successfully ping external addresses and so can the clients in the internal network.

But opening a website in a browser is not possible. I configured a policy that allows any access from internal to external, but it didn't solve the problem.

 

Maybe some of you guys see the problem, I bet it's a small one, but I'm getting blind to it.

Here's the config, any help is very much appreciated:

 

## Last changed: 2016-09-22 15:38:31 GMT+1
/* Junos release recorded in the saved configuration; when reviewing a device, compare the running release against the vendor's current security advisories. */
version 15.1X49-D45;
/* Device-wide settings: identity, local accounts, DNS, management services, logging, licensing and NTP. */
system {
    host-name xxx;
    time-zone GMT+1;
    root-authentication {
        /* Hash redacted by the poster. Password hashes should stay out of public posts: they can be attacked offline. */
        encrypted-password "xxx/";
    }
    /* Resolvers used by the device itself: Google Public DNS (8.8.x.x) and OpenDNS (208.67.x.x). */
    name-server {
        8.8.8.8;
        8.8.4.4;
        208.67.222.222;
        208.67.220.220;
    }
    name-resolution {
        /* Hostnames typed into the configuration are not resolved at input time. */
        no-resolve-on-input;
    }
    login {
        /* Single local account with the super-user class (all permissions). */
        user admin {
            uid 2001;
            class super-user;
            authentication {
                encrypted-password "xxx";
            }
        }
    }
    /* Management services the device runs. Which interfaces can reach them is controlled by host-inbound-traffic in the security zones. */
    services {
        ssh;
        /* Telnet sends credentials and session data in cleartext; ssh is already enabled above, so telnet is a candidate for removal. */
        telnet;
        web-management {
            /* Plain-HTTP J-Web on the internal interface: admin logins cross the LAN unencrypted. */
            http {
                interface ge-0/0/1.0;
            }
            /* HTTPS J-Web uses the device's self-signed, system-generated certificate, so browsers cannot verify the device identity without manual trust. */
            https {
                system-generated-certificate;
                interface ge-0/0/1.0;
            }
            session {
                /* NOTE(review): Junos counts this in minutes, so an idle admin session stays valid for an hour - confirm this is intended. */
                idle-timeout 60;
            }
        }
    }
    /* Logging is local only: no remote syslog host is configured, so the logs live and die with this device. */
    syslog {
        /* Small retention: three archived files of 100k each. */
        archive size 100k files 3;
        /* Emergency-level messages are sent to the terminals of all logged-in users. */
        user * {
            any emergency;
        }
        file messages {
            any critical;
            authorization info;
        }
        /* Only error-severity entries of the interactive-commands facility are written here; an audit trail of all CLI commands would need a lower severity. */
        file interactive-commands {
            interactive-commands error;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        /* NOTE(review): hostname looks transposed - NTP Pool names end in pool.ntp.org (e.g. us.pool.ntp.org). Without working time sync, log timestamps are unreliable - verify. */
        server us.ntp.pool.org;
    }
}
/* Flow-security settings: screen (IDS) profile, source NAT, inter-zone policy and zone membership. */
security {
    screen {
        /* Screen profile with checks for ping-of-death, IP source-route options, teardrop, SYN flood and land packets.
           No security-zone below references it with a "screen" statement, so as shown it is defined but not applied to any zone. */
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            /* Traffic from zone Internal to zone Internet sourced from 10.55.32.0/19 is translated to the egress interface address. */
            rule-set internal-to-internet {
                from zone Internal;
                to zone Internet;
                rule internet-access {
                    match {
                        source-address 10.55.32.0/19;
                        destination-address 0.0.0.0/0;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
    }
    policies {
        /* The only policy in this configuration: any application from network_55 to any destination is permitted.
           No policy is shown for Internet-to-Internal, and no default-policy statement is present. */
        from-zone Internal to-zone Internet {
            policy allow-internal-clients {
                match {
                    source-address network_55;
                    destination-address any;
                    application any;
                }
                then {
                    /* No "log" action accompanies the permit, so this policy does not log permitted sessions. */
                    permit;
                }
            }
        }
    }
    zones {
        security-zone Internal {
            address-book {
                address network_55 10.55.32.0/19;
            }
            interfaces {
                ge-0/0/1.0 {
                    /* Services the device itself accepts on the internal interface. http and telnet are cleartext management protocols; https and ssh cover the same functions encrypted. */
                    host-inbound-traffic {
                        system-services {
                            ping;
                            http;
                            https;
                            ssh;
                            telnet;
                        }
                    }
                }
            }
        }
        security-zone Internet {
            interfaces {
                ge-0/0/0.0 {
                    /* Only ping to the device is accepted from the Internet side; no management service is listed here. */
                    host-inbound-traffic {
                        system-services {
                            ping;
                        }
                    }
                }
            }
        }
    }
}
/* Two routed interfaces: ge-0/0/0 is in zone Internet, ge-0/0/1 in zone Internal (per the security zones). */
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                /* Public address, partially redacted by the poster. */
                address 83.xxx.xxx.205/29;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                /* Internal address; this makes 10.55.32.0/19 a directly connected network. */
                address 10.55.32.2/19;
            }
        }
    }
}
/* Static routing only: a default route towards the upstream gateway plus one internal route. */
routing-options {
    static {
        route 0.0.0.0/0 next-hop 83.xxx.xxx.201;
        /* NOTE(review): this prefix is the same /19 that ge-0/0/1 is directly connected to, so the static route duplicates the connected route.
           10.55.32.1 is presumably the internal router from the post - confirm which device the clients use as their gateway. */
        route 10.55.32.0/19 next-hop 10.55.32.1;
    }
}

