Re: BAD SPI messages in the event log ( Juniper SRX )
Hi there, Can you check the encryption domains on each device?
View ArticleRe: QOS question - phsyical port speed override?
the config above did not work, just to be clear I did make the policer and fire wall policer and it still did not work
View Articlefbf - single lan / 2 dmzs to dual isp intermittent rto
hi guys, im wondering if what is the issue on my setup; LAN Segment => 1.1.1.0/24 => ge-0/0/0.0DMZ Segment 1 => 5.5.4.0/26 => ge-0/0/5.0 (for ISP 1)DMZ Segment 2 => 6.6.4.0/26...
View ArticleRe: QOS question - phsyical port speed override?
What if you just set the physical interface speed to 10m? set interfaces ge-0/0/1 speed 10mAnd see if that works.
View ArticleRe: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Guys,After coincidentally needing to reboot the MX-960 MPLS node, the issue is fixed.Now I can ping the SRX clusters connected on the EX4300 virtual chassis.So probably some bug on the MX JUNOS...
View ArticleRe: SRX300 series VLAN interface
[edit security zones security-zone data-trust]'interfaces irb.100'Interface irb is not allowed in mix modeerror: configuration check-out failed This is the exact error, you can't seem to commit and...
View ArticleRe: SRX300 series VLAN interface
Hi timamplex, you need to ensure that l2-learning has been configured for switching and the srx hsa been rebooted afterwards: user@fw# show protocols l2-learning {global-mode switching;} if not...
View ArticleRe: QOS question - phsyical port speed override?
The best method would be to set the interface speed to 10M on the fe (100M interface) and on the 250M interface we have to use shaping rate config. Please note that the SRX branch devices use software...
View ArticleRe: QOS question - phsyical port speed override?
# show interfaces ge-0/0/0 Oct 07 09:30:47description "# Ethernet LAN #";per-unit-scheduler;speed 10m; run show interfaces ge-0/0/0 extensiveCoS transmit queue Bandwidth Buffer Priority Limit % bps %...
View ArticlePower off device automatically when system is out of power
Hi all, I'm supporting for small data center network using EX3300, EX4200, SRX650 devices. When system is out of power, The UPS can supply within 5 minutes for devices. So I want to creat script or...
View Articlesrx340 cluster and LACP weird reth interface issue
Hardware: SRX340, EX4300Sofware version: SRX340 : 15.1X49-D50.3 EX4300: 14.1X53-D35.3 Doing LACP between a pair of SRX340 and EX4300. No problem with LACP configuration and all interface are up.When...
View ArticleNAT Management Traffic for multiple downstream cellular routers on management...
Hi, I would like to NAT management traffic for 50 routers on the trusted side of my Juniper SRX 340 through the single management port on the SRX. Basically I have 50 cellular routers using private IP...
View ArticleRe: Power off device automatically when system is out of power
Hello, You might get some useful information here: https://forums.juniper.net/t5/Ethernet-Switching/Proper-Shutdown-Juniper-Equipment-on-UPS/td-p/97610 Regards, Rushi
View ArticleRe: NAT Management Traffic for multiple downstream cellular routers on...
Hi , Because fxp0 interface is outside flow module( i,e no zones, policies ,nat etc) and it is not intended for transit traffic we can not achieve this requirement . If you send any non-standard...
View ArticleRe: srx340 cluster and LACP weird reth interface issue
I experience an issue with LACPHardware: SRX340/345 ; EX2200Software: SRX340 : 15.1X49-D50.3; EX2200: Junos 12.3R12 If all members of AE interface are not connected while booting up, traffic does not...
View ArticleRe: srx340 cluster and LACP weird reth interface issue
Hi, My SRX3600 (12.1X47-D30.4) are working fine with reth, and I used to add new sub interface all the time. Can you clarify what is the solution "reboot the firewall" is?
View ArticleRe: IP Sec VPN with Checkpoint and Proxy ID
The error doesn't seem related with proxy-ids/traffic-selectors. Did you try this? security { ike { respond-bad-spi; } }...
View ArticleRe: SRX1500 SSL Proxy Signing hash
The certificate loaded on the SRX1500 is issued by our CA using the steps described on the link you provided. From a client PC, the SRX1500 certificate is already trusted since it inherits the trust...
View ArticleUpdate Junos version in SRX cluster
Hi Guys, I need to update two SRX 220h in cluster, but when I tried to copy junos version from Node0 to Node1, the imagen was corrupted, I used the following command in start shell mode: rcp -T...
View Article