Re: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Hi Ashvin,do you have any idea? Or should I give up on OOB management?Best Regards Edson
View ArticleSRX300 - internet ping okay, website access not possible
Hello, I'm facing a strange issue. Our SRX300 is the firewall in front of our router and connected to the internet. The firewall can successfully ping external adresses and so can the clients in the...
View ArticleClik here to view.
Re: Juniper SRX 100 no storage error
spuluka wrote:If you have a working SRX100 you can try this procedure to get a bootable USB drive (Kingston 8Gb or less are tested good for this, others may also work.)...
View ArticleStrange behavior on srx345 in cluster mode.
Hi guys, i have a strange behavior on two brand new srx345. In cluster mode, i can't ping the reth0 interface from the outside. Let's get the point first, the reth0 interface is already set up in a...
View ArticleRe: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)
There is an issue if you are trying to terminate the VPN on IRB interfaces. Can you provide the config and ike logs?
View ArticleRe: SRX300 - internet ping okay, website access not possible
Can you configure flow traceoptions and see what is happening? The configuration looks fine. https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110
View ArticleRe: SRX Syn problem
I got a pcap traff. from srx and i realize that it answered %3.7 of the syn traffic with syn ack
View ArticleRe: services dhcp-local-server vs service dhcp and vlan
thanks for your help,anyway after upgraded SRX240 to 12.1X46-D40.2 and make factory reset still the default configuration have "service dhcp pool" instead JDHCP.
View Articlesystem name-server apply to all jdhcp pool
Hi all, is it possible to apply the "system name-server" value to all pool jdhcp instead repeat the name-server inside each pool ?I have more than 20 pool is quite waste of line/space pool LAN115 {...
View Articledetect unused objects in SRX Firewall
I have 3 firewalls with several hundred custom applications, application sets, address and address sets, however they are not all in use by policies. Is there a way to determine which ones are in use...
View ArticleRe: Strange behavior on srx345 in cluster mode.
I had same issue and when i disabled the member interface of reth from passive device then It worked. Actually srx loadbalance the packet on member interfaec of reth so when packet go to passive...
View ArticleRe: detect unused objects in SRX Firewall
You need to verify these against configured applications, application sets, address and address sets, in policies
View ArticleRe: detect unused objects in SRX Firewall
Aside from noting each application, application-set, address, and address set then cross refercing them against all policies by hand, i was looking for a tool or script that would help automate this....
View ArticleIs there any body succeded to use SYN cookie ?
we have tested too many times with a very very simple config This is the test result of stress test :http://www.filedropper.com/my-capturebuyuk2 you should download the pcap file and check the syn...
View ArticleRe: Is there any body succeded to use SYN cookie ?
Error logs : Sep 22 22:52:58 RT_IDS: RT_SCREEN_TCP_DST_IP: SYN flood! destination: 37.123.98.138, zone name: untrust, interface name: xe-1/0/0.0, action: alarm-without-drop Sep 22 22:52:58 RT_IDS:...
View ArticleClik here to view.
Re: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)
Thanks for offering to help. I'm trying to get the IKE log. I just cleared it to generate some clean log but now nothing is being generated which is odd. Anyway, three configs attached: 1. SRX210...
View ArticleRe: SRX300 won't do Site-to-Site Dynamic IPSec VPN (but worked on SRX210)
Fixed! Apologies if I've wasted some time here. I've just found a problem with the SP gateway northbound of the SRX300. A reboot and the VPN tunnel is now up. What's the appropriate action for a JNET...
View ArticleRe: Strange behavior on srx345 in cluster mode.
I see that you have configured same subnet ip-addresses for multiple reth interfaces.You could run show route and check route that SRX takes to respond. Regards,Raveen
View ArticleRe: SSG5 vs SRX210H IPsec throughput performance, RTPERF_CPU_THRESHOLD_EXCEEDED
Even now, in 2016, SRX suffer poor performance with ipsec vpn. Ive had throughput issues on srx 220, 240, and 650. Even setting the recommended mtu and mss sizes does not always fix the issue....
View Article