Re: IP Sec VPN with Checkpoint and Proxy ID
Hi AkeFTH, It sounds like you're doing route-based vpn on the SRX towards a Check Point firewall. I will suggest looking at Traffic selectors where you define the proxy-id's in pair. More information...
Ipsec tunnel down when ike lifetime reached
Hello, I have a problem with an ipsec tunnel between a srx240 (running junos 12.1X44-D35.5) and a linux strongswan. Tunnel goes up and is working fine but when ike lifetime is reached, it goes down and i...
Telnet Command
Hello, I would like to telnet to a mail server from an SRX 240. I tried this: telnet hostname port 25 interface. Is the above command correct?
Ping using interface
How to ping www.google.com? As I have several interfaces:
primary:node0}admin@FE-FW> show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up down
gr-0/0/0 up up
ip-0/0/0 up up
ge-0/0/1...
Re: Telnet Command
Hi, Yes, it is correct. You can refer for more details. https://www.juniper.net/documentation/en_US/junos12.1x46/topics/reference/general/security-telnet-command.html
Cancel a pending "commit confirmed"
Is there any way to cancel a pending "commit confirmed" command? Say you gave yourself 5 minutes to see if your active configuration was going to work, and you realize - oh, I missed something lets...
Re: Cancel a pending "commit confirmed"
Hi, # rollback 1 # commit should rollback the config immediately. Cheers, Ashvin
Re: Ping using interface
Hello, I am not sure if I got your query correctly. You need to ping "www.google.com" from your SRX sourcing an interface. If this is correct, you need to define a DNS under "edit system...
Malicious IP Filter
Does anyone have a pre-built prefix list to block malicious/foreign ip ranges in a firewall filter? A set command dump would be most appreciated.
Simply cannot get SNMP working on SRX240
Hi guys, Hope you can help me, after many attempts to get SNMP working I am turning to you for some help. My config looks like this: security-zone Trust { description "Trusted Zone ";...
Re: Simply cannot get SNMP working on SRX240
We might need more of your configuration output to try to help you. If you've got the lo0 interface configured and have some deny terms in firewall section, you should allow there your monitoring host...
Juniper SRX240H2 FPC 0 PIC 0 CPU utilization
Hi, Just want your opinion guys. Are SRX240H2 really so weak, or am I missing some configuration? The only thing this SRX does at this moment is OSPF, BGP, NAT and some simple CoS on the uplink...
Re: Simply cannot get SNMP working on SRX240
Hi Romeo, Thanks for the reply. I already have the Policies in place: from-zone Trust to-zone Trust { policy test { match { source-address any; destination-address any; application any; } then { permit;...
Re: Malicious IP Filter
Hi dhart, There are various drop lists out there you could use. For example, Spamhaus Drop and Extended Drop lists below: http://www.spamhaus.org/drop/drop.txt http://www.spamhaus.org/drop/edrop.txt...
Re: Malicious IP Filter
Hi, There is no list available on the SRX. Here is the configuration to block the IPs using firewall filters :- set firewall filter test2 term 1 from source-address 31.13.81.5/32 set firewall filter...
Reconnect 2nd SRX550 to the cluster
Hey Everyone, I have 2 SRX550s configured in a cluster. A little while back, the primary SRX was accidentally put into L2 mode. After this happened, the secondary SRX was powered down. JTAC was able to...
Re: Simply cannot get SNMP working on SRX240
Hi, If you are trying to poll SNMP from a client you may need to add it in the snmp clients: set snmp community xxx authorization read-only clients x.x.x.x Cheers, Ashvin
Re: Reconnect 2nd SRX550 to the cluster
The second node will take the config from the active node. I've done this several times and it never went wrong. Having said that, I still would advise you to perform the action in a maintenance window....
Re: Juniper SRX240H2 FPC 0 PIC 0 CPU utilization
The SRX-240 is rated at 600Mb/s IMIX so your graph showing traffic plateauing at 500Mb/s along with the CPU warnings would indicate you are hitting its maximum throughput capacity with that traffic...
Re: Reconnect 2nd SRX550 to the cluster
Hi, I would suggest that you follow the action plan mentioned below to get the secondary into the cluster again, without any downtime :- Connect only the control and fab links (Not the revenue...