Re: config IDP on SRX cluster failed
Hi What version of code are you running? Please follow https://kb.juniper.net/InfoCenter/index?page=content&id=KB21052&smlogin=true&actp=search This will help you sync the files between...
View Articlecontrol link/fabric link failure
here is the cluster : node0---node1 rg1 is primary in node1 since there is one reth down in node0(unhealthy)rg0 is primary in node0 since the higher priority 1:now if contril link between node0 and...
View ArticleRe: config IDP on SRX cluster failed
You can also try request security idp security package download full-update
View ArticleFrom trust to trust zone for two internal network
Sorry to bother you. At the beginning we had SSG320 to connect the entire network for internet browsing and only one mail server. Afterware, we like some remote site user to connect part of internal...
View ArticleRe: control link/fabric link failure
Hi, From SRX HA Deployment Guide: Control Link communication loss only (Fabric communication is still successful)The RG0 secondary node will transition to an Ineligible state then transistion to a...
View ArticleClik here to view.
Re: control link/fabric link failure
hithanks for your answer.for control link failure:rg0 : primary node0(one interface is down in node0 dataplane ,so rg1 is active in node1)rg1rimary node1 even in this case, when control link failure...
View ArticleRe: Upstream Router ARP Problem
RFC 2119:"SHOULD NOT This phrase, or the phrase "NOT RECOMMENDED" mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the...
View ArticleRe: control link/fabric link failure
Hi, I believe so as the RE [RG0 on node0] will not be able to communicate with the PFE of node 1 when control link is down. Cheers,Ashvin
View ArticleRe: From trust to trust zone for two internal network
I'm not sure from the description, but it sounds like you have both firewalls the SSG and the SRX connected to the same server LAN segment directly. Thus the servers have to choose one or the other as...
View ArticleRe: From trust to trust zone for two internal network
Required trust to trsut policy should all the communication from one server to other server.And in netscreen if hosts are in same zone then not required to be in same zone.
View ArticleRe: control link/fabric link failure
Hi Robbie, The following statement answers your query :- In the event of a legitimate control link failure, redundancy group 0 remains primary on the node on which it is currently primary, inactive...
View ArticleRe: Upstream Router ARP Problem
Hello,In CSCO world the same scenario results in ARP reply dropped by Cisco with "Wrong cable" syslog messagehttp://www.velocityreviews.com/threads/wrong-cable-interface-gigabitethernet0-1.379622/if...
View ArticleRe: From trust to trust zone for two internal network
Sorry about the confusion. Maybe I can specific more details.The internal network is under 192.168.0.0/24.All servers go into the internet via Netscreen 192.168.0.1/24Except one sever 192.168.0.20/24...
View Articledifference between firewall filter and firewall family inet filter?
I always use the set firewall filter ... command, but I've seen that many people use the set firewall family inet filter ... command, and I cannot see difference between those commands. I mean, both of...
View ArticleClik here to view.
Re: Upstream Router ARP Problem
Hi Alex, Thanks for ther reply. I can't get to the URL (maybe I need an account?). Anyway, no worries. Yes I did think about using 2 separate interfaces, so I could try that.. I also know a small...
View ArticleRe: Help configuring VLANs
Q. Does each vlan need its own static route with a next-hop set as the gateway router for its zone..A. No.. If you have only on uplink port going to your GW , you can specify one static route...
View ArticleRe: difference between firewall filter and firewall family inet filter?
Both are one and the same : v4 is the default filter family that is supported set firewall ?Possible completions:+ apply-groups Groups from which to inherit configuration data+ apply-groups-except...
View ArticleSub-interfaces on a SRX 240h
I am a novice on the juniper firewall (SRX 240h). I have a working production juniper running 10 Vlans, I would like to add a few more Vlans. I have a couple of questions I hope someone can help me...
View ArticleRe: Upstream Router ARP Problem
Hello,There was an extra space at the end of URL, fixed now.HTHThxAlex
View ArticleRe: Sub-interfaces on a SRX 240h
Hi tbuilt62, Your configuration is almost correct, except from what you've shared it seems you are using the interfaces ( ge-0/0/1-6 ) as access ports and not trunks ? Can you provide us with the...
View Article