Channel: All SRX Services Gateway posts
Browsing all 17645 articles

Re: Is it possible to send syslog files content to some server/pc?

You should be able to do an OR statement match (RT_FLOW|WEBFILTER_URL_BLOCKED)



Trying to configure 2nd WAN connection in J-Web

I'm transitioning from Screen OS and don't know the CLI other than to scratch the surface. I've configured an SRX300 with a WAN connection on ge-0/0/0 and now want to add a 2nd WAN connection on...



Re: Clientless VPN to SRX not possible?

That would have been perfect, but unfortunately you cannot create a dynamic VPN using IKEv2. This is not supported on the SRX platform.


Screen option SYN-FLOOD.

Hi All, I'm studying for the JNCIS-SEC and I'm studying the SCREEN options to avoid some attack types. I understood that the SRX can do the tcp-proxy between a client and a server, right? This is enable...


Re: Screen option SYN-FLOOD.

Hi João, the basic reason is to prevent a type of denial of service attack. An attacker will attempt to create as many connections (sending SYN-ACK-ACK) to a particular resource that either the...


Re: Screen option SYN-FLOOD.

Hi Dawid, THANKS A LOT for taking your time answering my question. I understood that the SYN Flood protection is used to protect the NETWORK against DOS attacks and the SYN-ACK-ACK protects the firewall...


Re: Is it possible to send syslog files content to some server/pc?

rseibert wrote: You should be able to do an OR statement match (RT_FLOW|WEBFILTER_URL_BLOCKED)

Thank you! It already works, but with quotes instead of parentheses: match "RT_FLOW|WEBFILTER_URL_BLOCKED";


Re: Screen option SYN-FLOOD.

A SYN flood attack inundates a site with SYN segments containing forged (spoofed) IP source addresses with nonexistent or unreachable addresses. (Juniper Reference) Another important bit of...



RPM not working quite like I expect

I have a small cluster of SRX220's (v 12.3X48-D30.7). They have a single reth0 interface between them that has a couple subinterfaces tagged.  The reth terminates into a pair of EX3300's (Node0 ->...



Re: Juniper SRX - Archival Site only reachable via routing-instance

Hi, could you perhaps use -JU to specify the routing-instance:
usage: scp [-12346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [-JU...


SRX Failed on Blocking Proxies

Hi Everyone. Anyone tried to block proxy applications such as (Kproxy, psiphone, ZenMate ...etc)? I tried to do that using AppSecure & IDP with the new Junos versions 12.3x48 & 15.1 without any...


SRX5800 SRX-MIC-10XG-SFPP Oversubscription

Dears, is there any oversubscription ratio to be considered for this MIC: SRX-MIC-10XG-SFPP installed into an SRX5800 enhanced chassis with two SCB2? Br.


Re: Screen option SYN-FLOOD.

Hi Dawid, you're the man! I understood the process!!! The key to understanding it is: SRX will only proxy SYN segments when the SYN Flood protection kicks in. Thanks a lot for the explanation. This concept is...



Port Forward and DMZ Help.

Hi, this is my SRX210BE with JUNOS Software Release [12.1X46-D55.3] conf: ## Last changed: 2016-10-18 20:22:27 CEST version 12.1X46-D55.3; system { host-name JuniperSRX210; time-zone Europe/Rome;...


Re: Port Forward and DMZ Help.

You need to configure destination IP with these ports. You need to configure destination pools, for example: set security nat destination pool pool_51413 address 192.168.5.160 port 51413 then configure...



Re: Port Forward and DMZ Help.

You would need to NAT the traffic. First, create the pool:
set security nat destination pool 192.168.5.160/32 address 192.168.5.160/32
Then configure the NAT:
set security nat destination rule-set...


VLAN Routing between different zones

Hello, three days ago I tried to configure VLAN routing between different zones on SRX 100. The scenario: four zones - internal-trust, internal-developer, guest, mgmt. The zone internal-trust uses vlan trust...



Re: Port Forward and DMZ Help.

First attempt:
set security nat destination pool 192.168.5.160/32 address 192.168.5.160/32
root@JuniperSRX210# ....160/32 address 192.168.5.160/32
error: pool-name: '192.168.5.160/32': Must be a string...


Re: Port Forward and DMZ Help.

emg.net, very similar problems, Thanks


Re: VLAN Routing between different zones

Denis, if your intention is to have the domain-controller give out IP addresses to clients in the dev-zone, which is in a different subnet, then you would need to specify the IP of the...
