Re: Problem- With Destination NAT
Hi, Should the trust zone hosts not be:set security zones security-zone trust address-book address mail1 1.1.1.4/32 2.2.2.4/32set security zones security-zone trust address-book address mail2...
View ArticleFirewall address range address book objects appearing as address sets with...
Hi, Quite new to Junos and the SRX platform so this may be "normal" behaviour but we noted that IP address range objects seem to be represented as individual objects within an address set, we hadn't...
View ArticleRe: Firewall / NAT table - RE or PFE?
Hi Flow module, which is part of PFE, takes care of firewall sessions and NAT.RE does not process transit traffic in Junos-based devices.
View ArticleRe: Proxy-Arp only works if monitoring external interface
Hi I'm not sure why this may happen, can you post relevant parts of the config and "show route" output, obfuscating the real IP addresses?
View ArticleRe: Proxy-Arp only works if monitoring external interface
interfaces { ge-0/0/0 { unit 0 { proxy-arp; family inet { address 173.xxx.xx.233/29; } } } ge-0/0/1 { unit 0 { family ethernet-switching { vlan { members default; } } } } ge-0/0/2 { unit 0 { family...
View ArticleRe: Proxy-Arp only works if monitoring external interface
You should try to remove proxy-arp setting from interface ge-0/0/0 unit 0 stanza.I don't think it is needed when you have it configured in [security].
View ArticleRe: Firewall address range address book objects appearing as address sets...
Hi I'm not sure how exactly you see these objects? When I try it in my lab I can only see one address object + address device-10.1.1.101-103 { + range-address 10.1.1.101 { + to { + 10.1.1.103; + } + }...
View ArticleRe: SRX doesn't resolve internet domain names
Hello, we already resolved this issue, we have to add a source nat from the default routing instance to another routing-instance (virtual router type) and it works. Thank you all for your help.
View ArticleRe: SRX650 failed to boot
while i try to take a snapshot from alive device i get following error request system snapshot media usb node1: -------------------------------------------------------------------------- Clearing...
View ArticleRe: SRX650 failed to boot
Okay i`m create bootflash whith " request system snapshot media usb partition node 1 factory" But when i insert usb stick into corrupted SRX i'm the following: SRX_650 board revision major:0, minor:11,...
View ArticleRe: Firewall address range address book objects appearing as address sets...
Hi PK,I have copied an example from our config for reference, I created the object as you did in the labs via cli and it appeared in the config as expected, of note we use Junosd Space to create object...
View ArticleSRX3600: chassis cluster control interfces em0 input error
Hi everyone, SRX3600 firewall chasis cluster,version 12.1X46-D45.4. Through command" show interfaces em* extensive no-forwarding" find control interface em0 error.Physical interface: em0, Enabled,...
View ArticleRe: SRX3600: chassis cluster control interfces em0 input error
Hi, Sometimes, it is observed that the error count increases for em0/fxp1 (control-link) interface. This happens when the control plane CPU is high. When these errors are seen, there is a high...
View ArticleRe: SRX3600: chassis cluster control interfces em0 input error
hi, I know, about this web link. Firewall SRX1400 Juniper and SRX3600, both have this error.If the CPU utilization rate is high, what is the value of this. Monitoring equipment to monitor the firewall,...
View ArticleRe: SRX3600: chassis cluster control interfces em0 input error
Hi, CPU going high might have been a momentary thing. That is why your counters are increasing slowly. Do you have "event" logging enabled by any chance under "security log"? Regards,Anand
View ArticlevSRX 15.1 D50.3 incorrect MAC mapping on interfaces
Dear guys; i have a very strange issue on vSRX 15.1 D50.3(on ESXi), after adding 9 interfaces (and even with 3-4 interfaces) when i see the arp table on the vSRX and its connected devices, all the arp...
View ArticleMove certificate between clusters
Dears , We have an SRX5800 cluster used as LTE Security GW and it will be replaced by a new SRX5800E cluster ( enhanced chassis) , can I use same key and certificate used in the first cluster ?...
View ArticleRe: SRX3600: chassis cluster control interfces em0 input error
The customer has not yet provided the relevant log, estimated to be available tomorrow or later.
View ArticleRe: Proxy-Arp only works if monitoring external interface
Thanks for the reply. I will test this out today. One other thing I notcied is that it showing the "Next hop type" as discard, is that correct? I have a J-series router at another location that is...
View ArticleRe: VPN client unable to access 2nd site when connected to first site
Thanks for the response spuluka, The 10.10.9.0/24 network is from a third SRX connecting to the other two sites. We do not allow Dynamic VPN connectivity to that site. The IP ranges from Site to Site...
View Article