SRX static route to specific website
Hi, I have an SRX240 (gateway A) running as a firewall/router for my internet connection, there is one default route setup as a static route on the device (route 0.0.0.0/0 next-hop 1.1.1.1). I have...
View ArticleRe: SRX static route to specific website
Hello, That is strange. Do you have any Filter Based forwarding enabled on the interface of SRX240 that connects to Server? Regards, Rushi
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Hello, Though there are few posts saying they were able to connect using Shrew Soft client to SRX, I have faced few issues.I was able to bring the VPN up with NCP juniper edition. Regards, Rushi
View ArticleRe: setting dhcp option 66 / boot-server
Our phone system uses option 66 / boot-server to get the phone configuration. the phone expects the boot server as a http url. The string the phones need to get is http://server/folder/$MA.xml I was...
View ArticleAvaya IP Phone Behind SRX cannot connect to it's Call Manager
I have an pre-configured Avaya IP Phone behind my SRX650 which cannot connect out to it's Call manager on the internet using it's VPN client. if I move it to a cable modem it connects fine. Looking to...
View ArticleRe: log traffic for the default deny policy not working
My bad,you have defined it under interfaces. Didnt notice it. Please use belodelete security zones security-zone Internet interfaces ge-0/0/0.0 host-inbound-traffic system-servicesset security zones...
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Hi, if you can wait a month there will be readded support for remote access vpn to the SRX300 series in 15.1X49-D60 planned for release in september.
View ArticleRe: log traffic for the default deny policy not working
Hi Suraj Think you just nailed it , ran a simple ssh <ip> 666 on srx :<14>1 2016-08-26T13:00:38.988-04:00 srx210 RT_FLOW - RT_FLOW_SESSION_DENY [junos@2636.1.1.1.2.36...
View ArticleRe: log traffic for the default deny policy not working
Figured it out Thanks to everyone who helped me on this one !!!
View ArticleRe: Avaya IP Phone Behind SRX cannot connect to it's Call Manager
Hello, Which Avaya Phone model & what Call Manager version you are using? Regards, Rushi
View ArticleRe: SRX static route to specific website
Just a thought, can you try applying no-redirects on the B router. set interfaces ge-0/0/x unit 0 family inet no-redirects *ge-0/0/x is the interface on which connects to Gatway A, through which the...
View ArticleClik here to view.
Re: Avaya IP Phone Behind SRX cannot connect to it's Call Manager
I have seen similar issues in past and these may need detailed troubleshooting sessions. I would recommend you opening a case with JTAC.
View ArticleRe: Avaya IP Phone Behind SRX cannot connect to it's Call Manager
Hi, So essentially this would be a pass through VPN for the SRX.Check if the SRX security policies permit this and is the SRX NAtting this traffic ?What ports and protocol is this traffic using ?...
View ArticleRe: Junos version
Hi, Newer Junos version pre-allocates memory for various processes even if they are not being used.This is as per the Junos architecture.This is not a cause of concern as the Junos itself would take...
View ArticleRe: SRX650-Failed Session
Sorry I did some seaches in the Junos log messages documentation and can't find one for exceeding the number of sessions per second. There likely is such a message but I don't know what it is. If...
View ArticleRe: SRX240H2 static route works only one way
Are the firewalls in line between the hosts on the office LAN and the cisco router on both sides? Your list has the firewall in one direction but not the other on both paths. If the firewall is in the...
View ArticleBetreff: srx210 connect to IP camera auto disconnect after 3 mins
I would not set any session inactivity timeout to never. This runs the risk of eventually filling the session table with sessions that cannot be timed out and making the firewall inoperative. Find...
View ArticleRe: srx340 as a switch and gateway router
Doesn't need IRB config: following partial configs work: ge-0/0/1 { vlan-tagging; gigether-options { auto-negotiation; } unit 0 { vlan-id 1; family inet { address 10.100.2.1/24; } } unit 3 {...
View ArticleRe: screen settings for SSYN flood protection on SRX240
I checked the PPS on the WAN interface once the attacks start. No issue there, a slight increase initially, but then sessions stay at a few hundred which is normal. However, I did notice this in the...
View Article