Re: vSRX cluster setup root password complexity question
Hi, I would suggest using a complicated password as the system by "default" is requesting. Save the password in a password fault.When operating a system you hardly use the root user. For some debugging...
View ArticleRe: vSRX cluster setup root password complexity question
Try adjusting parameters as per your requirements: https://kb.juniper.net/InfoCenter/index?page=content&id=KB28967&smlogin=true&actp=search
View ArticleRe: Dual ISP Failover Configuration (default route not working )
Hello , The Qualified next hop only works when the physical link is down . Else you need to follow the KB :...
View ArticleTroubleshooting DHCP relay
Hi, SRX650 How to apply this filtering with "sample" mode , in to order to sample destination-mac-address to PCAP file . [edit firewall]family bridge {filter evil-mac-address {term one {from...
View ArticleAWS VPC VPN IKE Timeout
We have been trying to setup a connection from our SRX240 to our AWS VPC without much luck. We followed the JunOS configuration provided by AWS exactly as written (except for replacing the names of the...
View ArticleRe: AWS VPC VPN IKE Timeout
Do you have IKE allowed for the zone that your gateway ip addressed interface is in? for exampleset security zone security-zone untrust host-inbound-traffic system-services ike Also this could be a...
View ArticleRe: AWS VPC VPN IKE Timeout
spuluka wrote:Do you have IKE allowed for the zone that your gateway ip addressed interface is in? for exampleset security zone security-zone untrust host-inbound-traffic system-services ike Also this...
View ArticleClik here to view.
Re: External Users Can't Reach Public Addressed Devices in DMZ from Untrusted...
I created a log file with traceoptions that searched for .210 source and destination from my untrusted interface. Log file isn't showing any data pertaining to the filters applied. As policy states...
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
OK,So there should be no problem nor limitation due to this document :https://www.juniper.net/us/en/local/pdf/datasheets/1000281-en.pdfCould you attach the configuration of the SRX ?
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
Before that, check if its related to host-inbound-traffic configuration host-inbound-traffic { system-services {
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
config like below:set version 12.1X46-D40.2set groups node1 system host-name SRX220.Secondaryset groups node1 interfaces fxp0 unit 0 family inet address 11.0.0.2/24set groups node0 system host-name...
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
I use 4 vlan to seperate multiple external interfaces, reth0.1, reth0.2, reth0.3, reth0.4In the internal interface, I use FBF and apply input filter to the interface reth2, all the traffic can go out...
View ArticleMultiple external interfaces with different Gateway
How to config Multiple external interfaces with different gateway?I use 4 vlan to seperate multiple interfaces, such as reth0.1, reth0.2, reth0.3, reth0.4In the internal interface, I use FBF and apply...
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
Hi,set firewall family inet filter Internal-Traffic term 10 from destination-address 8.8.8.8/24Can you give me more explination why this filter has no "then" action ? and what "8.8.8.8" is suggesting?...
View ArticleRe: SRX with four ISP, Traffic can go out from Internal Work with FBF, but...
Hi,You said: "But I don't know how to config the multple external interfaces with different gateway, " Here is a liitle...
View ArticleInterVlan Problem
Hi,I have a problem with a topology and I can´t find a solution. I want to do a InterVlan with one SRX110 and 2 Switch. I have connected the truck in the interface 7. This is connecected in the port 1...
View ArticleRe: Troubleshooting DHCP relay
Hello,"Sampling" bridged traffic is otherwise called Sflow and Sflow is not supported on SRX.https://en.wikipedia.org/wiki/SFlowBut You should be able to t'shoot DHCP (relay or no relay) by matching on...
View ArticleRe: SNMP scan from untrust
Hi, I have the same issue, spamming the logs. SNMP is not exposed external. Did you find a solution? //Rob
View Article