Re: detect unused objects in SRX Firewall
If you can get a demo copy and have a VM infrastructure, then Junos Space Security director would be able to help. You can search object usage once devices are imported to see where they are in...
Re: restrict access based on mac address
Hi guys, Can you clarify please, is that function available for Juniper SRX220? MAC address filtering? Thanks in advance
Re: vSRX 15.1 D50.3 incorrect MAC mapping on interfaces
Please can anyone from this forum reply to this post? Waiting eagerly for your kind replies.
Re: vSRX 15.1 D50.3 incorrect MAC mapping on interfaces
Hello, I successfully tried this in my lab. It works without any issue. Key is you have to follow the mentioned link correctly. Regards, Rushi
TCP MSS and IPsec VPN
Hi, Strange problem I'm seeing. Customer currently runs an IPsec VPN over an MPLS link, but they would like to save some money and move to an internet-based IPsec VPN. Problem is, even though the...
Re: TCP MSS and IPsec VPN
Hi, As I understand, when the server sees the SYN packet the TCP MSS should have been adjusted to 1350 by SRX1, however the server may not reply with an MSS of 1350. The payload could be higher...
Re: SRX300 usb serial console driver - which one?
Will it work with EX-2200 and SRX-550?
Re: restrict access based on mac address
Here is the updated documentation on port security options. http://www.juniper.net/techpubs/en_US/junos15.1/topics/concept/port-security-mac-limiting-and-mac-move-limiting.html These are still only...
Re: SRX clustering over layer 2 switched network
I haven't tried it yet but according to partner-support, there is no limitation within EX-switches. Just make sure mtu 9216 is set.
Re: TCP MSS and IPsec VPN
Hi This looks like an "MTU blackhole" problem to me. It happens when transit network is SILENTLY dropping packets starting from size X. Normally this should never happen: packets that are too large...
Re: Strange behavior on srx345 in cluster mode.
shyan wrote: Just remove the same IP subnet configured from reth interface except the untrust zone interface then see. I've done so, but it still does not respond. I have deleted the logical reth1 and reth2...
Re: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Hi, The forwarding-table looks ok and arp for the gateway is present too. Only difference between node 0 & node 1, is that the passive node does not have a routing/forwarding table and uses the...
Redundant ST Interfaces
We have two tunnels configured for a single route. By default traffic is routed over the first interface defined in the configuration. When this interface goes down traffic does NOT route to the...
srx archival SCP Issue
Hi, I'm trying to get archival configuration to work on a srx100h2. I got an IP 10.252.0.27 on srx and 10.50.50.21 for the FTP, SFTP server. When I try a command like: "file copy /var/log/messages...
Test Zone Routing
Hi, I have 3 different security zones. CORP, WAN and SECRET. I want to be able to pass traffic between CORP and SECRET and between CORP and WAN but not between WAN and SECRET. Each zone has an...
Re: TCP MSS and IPsec VPN
Thanks for the response, Ashvin. I definitely agree with your first point about the SRX adjusting the MSS in the TCP SYN packets. Thanks for the reference to RFC879 as well. I've now had a read of that...
Re: TCP MSS and IPsec VPN
Thanks PK. I won't type out my whole response again (see above), but what you have said makes good sense. Perhaps I will be better served by changing the df-bit setting on my SRX1 rather than relying...
Re: Test Zone Routing
Hi, The traffic generated from the SRX itself would be considered generated from "Junos-host" zone and would not be hitting the security policies you have put in place for the 3 zones. Hence, it should...
Re: Redundant ST Interfaces
Hi, You can try ip-monitoring with rpm probes as explained in the following link: https://kb.juniper.net/InfoCenter/index?page=content&id=KB25052&actp=search Regards, Sahil...
Re: TCP MSS and IPsec VPN
Hi, Based on the reading that I've done so far, my understanding of the SRX1 behaviour when the df-bit setting on an IPsec VPN is left at default (i.e. "clear") is that the SRX won't send the ICMP type...