ipsec vpn config on MX80 MIC card
Hello forum guys and security experts, I need some help with ipsec configuration. I followed guide from http://www.juniper.net/techpubs/en_US/junos13.2/topics/example/ipsec-configuring-on-ms-mic.html....
View ArticleRe: Video on How to configure Chassis-Cluster on SRX210?
I know this post is for Clustering but I wonder when you would choose Clustering versus VRRP assuming the goal is to acheive HA while also having a Multi Homed BGP config. I was thinking do VRRP and AS...
View ArticleAllow ping to public address from SPECIFIED public address(s)
I have an issue where one of my remote offices is dropping their RDP session to one of our servers behind the SRX. Internally, NOBODY is having an issue.How can I allow my SRX to only respond to ping...
View ArticleRe: Allow ping to public address from SPECIFIED public address(s)
Hi,I believe system-services allowed in that specific zone would do this:set security zones security-zone xxx host-inbound-traffic system-services pingThis would allow ping to the IP address configured...
View Articlesrx1500 HA Control Port
Hello,due to SRX650 end of sale, we had to lately order 2 SRX1500;those SRX1500 have a new dedicated HA Control port which is SFP based so, apparently 1G speed (Copper of Fiber)so, SRX-SFP-1GE-SX or...
View ArticleRe: ipsec vpn config on MX80 MIC card
Hello,You are missing this lineset services ipsec-vpn establish-tunnels immediately The default is to start IKE/IPsec negotiation only when there is interesting traffic hitting MS interface.HTHThxAlex...
View Articleexport network between routing instances
Hi all In having issues when exporting a network between to routing instances configure as VR In using policy statement to do it, I already exporting routes received via OSPF and Direct Routes but when...
View ArticleRe: Video on How to configure Chassis-Cluster on SRX210?
The SRX is a firewall in addition to a router, so we have to be concerned with the session table sync in addition to the routing gateway failover. Clustering allows this sync to occur for seamless...
View ArticleRe: srx1500 HA Control Port
The hardware guide for the SRX1500 shows that the HA port is a standard 1G SFP port and not an SFP+ port, so 10G would not be supported. Table 3 / Item #11 page 7...
View ArticleRe: export network between routing instances
I think you need to drop the term protocol local because the route is seen the table as direct. I believe the three terms together as taken as AND so as a result with both local and direct in the term...
View ArticleDefault Gateway not on the same subnet
Hello,I sure hope someone can lend a hand...I have an SRX650 that I just did the basid setup on, and while running through the wizard, I found that I could not assign the gateway IP because it is on a...
View ArticleClik here to view.
Re: Allow ping to public address from SPECIFIED public address(s)
Hello, I believe the below Documents will be helpfule to you in restricting the PING requests to your SRX interface IP address. https://kb.juniper.net/InfoCenter/index?page=content&id=KB21265...
View ArticleRe: Default Gateway not on the same subnet
Your public IP is 65.153.72.74, not 207.108.206.249. interfaces { ge-0/0/0 { unit 0 { family inet { address 65.153.72.74/30; } } } } routing-options { static { route 0.0.0.0/0 { next-hop 65.153.72.73;...
View ArticleRe: export network between routing instances
spuluka wrote:I think you need to drop the term protocol local because the route is seen the table as direct. I believe the three terms together as taken as AND so as a result with both local and...
View ArticleRe: Default Gateway not on the same subnet
I made the modifications and I am still not passing traffic.default route is installed at least.Here is my new config.## Last changed: 2016-09-17 18:12:46 GMT-8version 12.1X44.3;system { host-name FW;...
View ArticleSRX 340 OSPF Advertise entire /23 when only portions of the subnet currently...
I would like to advertise simple routes that don't appear in my routing table. Only parts of these subnets are static routes in the router but I would like to advertise the entire subnet anyway....
View ArticleRe: export network between routing instances
I tried the suggestion but still not been imported to the selected Routing Instance. Any clues?
View ArticleRe: Default Gateway not on the same subnet
Update!It is working now.Neither of us correctly guessed the screwed up config the ISP has set on their device that is handing off my ethernet circuit from the ONT.I was figuring they would have the...
View ArticleRe: SRX300 series VLAN interface
Hello Experts, I am implementing HA in SRX345 in L3 mode and I also need to set vlan in L3 mode. I have no issue in srx240 with Junos12.1x. I have individual interface on each node to access vlan and...
View ArticleRe: SRX 340 OSPF Advertise entire /23 when only portions of the subnet...
You would configure route aggregation for this purpose. http://www.juniper.net/techpubs/en_US/junos13.3/topics/example/policy-aggregate-routes.html
View Article