Re: Unable to browse website after deploying Juniper SRX220H as Transparent Mode
removing it from the srx would be going through your security policies and removing the policy that it requesting the srx to decrypt the ssl session.....it would be a policy that provides upper layer...
View ArticleRe: Unable to browse website after deploying Juniper SRX220H as Transparent Mode
Here is the configuration in the policy from-zone Trusted to-zone Untrusted { policy Outbound { match { source-address any; destination-address any; application any; } then { permit {...
View ArticleRe: SRX300 series VLAN interface
Hi Aaron, my unit is very hot due to being in a drawer with a EX2200-C-12P-2g directly on top :-) Placed on a table, they are warm but not too hot to be touched. I wouldn't expect a fanless unit with...
View ArticleRe: SRX1500: IRB interfaces and Ping issues between directly connected...
A couple of thoughts/test cases you can do: check if arp-entries are showing to pin point if it's related to security or basic switching infrastructure. Have you assigned the irb's to the vlans and are...
View ArticleRe: create cluster match the license between 2 srx240 , I can't delete one...
I have this show system license License usage: Licenses Licenses Licenses Expiry Feature name used installed needed dynamic-vpn 0 2 0 permanent ax411-wlan-ap 0 2 0 permanent Licenses installed: none...
View ArticleRe: SRX1500: IRB interfaces and Ping issues between directly connected...
Hi, Do you see arp for the other nodes?Maybe you could try configuring security policy using junos-host zone:https://kb.juniper.net/InfoCenter/index?page=content&id=KB24227&actp=search...
View ArticleRe: SRX1500: IRB interfaces and Ping issues between directly connected...
Hi, Do you have the Vlan configuration where you have specified the l3 interfaces as irb interfaces :- vlans { vlan100 { description "Server VLAN"; vlan-id 100; l3-interface irb.100; } vlan200 {...
View ArticleRe: create cluster match the license between 2 srx240 , I can't delete one...
Hi, That is correct. I am not sure if it is possible to delete these default permanent licenses. Maybe you can try getting the ax411 license for the other srx as well. You can check this from the...
View ArticleRe: fbf - single lan / 2 dmzs to dual isp intermittent rto
Hi, Not related to the intermitence issue, just some observations:1. Understand the ISP interfaces are in default inet.0. Would expect the interface-routes rib-group to be in default:set...
View ArticleClik here to view.
Re: SRX 5400 - GARP issue after RETH recovered
Hello Ashvin, Thanks for your fast answer. I checked the jsrpd files logs and it was very usefull.In fact the swiches direclty connected to the firewall (nexus and 6880X) were configured with STP...
View ArticleRe: Unable to browse website after deploying Juniper SRX220H as Transparent Mode
I would add a policy before the outbound one that has no idp and an appication of junos-https. This will allow all the ssl sessions without the inspection and still do the IDP on all other sessions.
View ArticleRe: Integrated User Firewall Issues
Hi, I believe if user is unknown, IP address to username mapping is not known to the SRX.SRX would retrieve this from Event log in AD. 2 things you could check:1. Is the IP to username being...
View ArticleRe: SRX1500 SSL Proxy Signing hash
Ive gotten one open and have run through a couple kbs so far to no avail - ill post back soon as we figure it out. - hopefully between the two of us they can get this sorted...kinda makes the sky atp...
View ArticleRe: SRX1500 SSL Proxy Signing hash
Thanks man. I'm just gonna wait for your update from JTAC instead of opening another case.
View ArticleRe: export network between routing instances
After I got the policy to export now im trying to test the services.It consist on a device on the Untrust VR accessing a serving on the Trust VR via HTTPS, but i dont even see traffic accessing the...
View ArticleRe: SRX1500: IRB interfaces and Ping issues between directly connected...
Hi guys, I have all interfaces up including irb and ae and all irb interfaces in security zones with host inbound to allow all and policies written to allow all traffic. But its very weird that pings...
View ArticleSRX Cluster (Active / Active) Over Ethernet
HiI want to make a cluster of SRX firewall over an ethernet Link. I couldn't find exact config though found many guides. I am bit confuse how to configure Control & Data link interfaces since these...
View ArticleRe: SRX Cluster (Active / Active) Over Ethernet
Hi, Please go through the following 2 links which have all the details of cluster deployment :- https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/technotes/3500165-EN.pdf...
View ArticleARP Request Being Ignored
(IPs obfuscated) Hi all, I receive Internet traffic from a managed upstream router over which I have no control. It is a managed service office and the router sends traffic to a number of customers –...
View Article