Re: Set Static Route with an Outgoing Interface
Yes you can, however it must be a true point to point interface. The ISP is BSing you. That is easy. Connect up any device o get an IP address and you will get the gateway. I dont why they would say...
View ArticleRe: destination net unreachable with virtual-instances
Hi AshvinO, Correct.When i put this route in the routing table internet traffic is OKset routing-options static route 0.0.0.0/0 next-hop 1.1.1.6But this route is still available in the virtual-instance...
View ArticleRe: config IDP on SRX cluster failed
.......................................................
View ArticleRe: destination net unreachable with virtual-instances
Hi, To have the route in RIs imported in inet.0, the rib-group needs to be configured to share the static route.A policy can be applied to filter which routes to import. Example: [edit...
View ArticleRe: I can't do ping between two interfaces fxp in SRX in mode Cluster
Hi, Thanks for your reply I configured the back-router sentence but it is not possible the ping, i will check regards
View ArticleSRX3xx licenses JSE/JSB vs security options
Hello, Can someone make some clarification for me regarding new SRX3xx licensing scheme which after weird separate hardware from software appeared in Juniper: JSB vs JSEJSE adds "NGFw"...
View ArticleRe: SRX Chassis Cluster With BGP Router for Dual Internet Connection
Hi, IMO, the best option is the non-reth interfaces with dual ISP known as Mixed mode:http://chimera.labs.oreilly.com/books/1234000001633/ch07.html#mixed_mode WAN interfaces will be individually active...
View ArticleRe: wtmp not being generated
Hello , It seems file /var/log/wtmp is missing. Please follow up below procedure. 1. check if there is /var/log/wtmp.root@% ls -la /var/log/wtmp 2. If no such file, we will create it.root@% touch...
View ArticleRe: Gr-0/0/0 and st0 must have family inet address?
Hi Vikas and all, I am following your advice to use lo.0 with IP 1 for VPN and lo.1 with IP 2 for BGP, since both of them should be under Gp-untrust-vr for roaming traffic, we met below error when...
View Articleerror: Could not connect to node1 : No route to host - after power failure
I'm busy setting up our new SRX345 firewalls and in honesty it has been a complete nightmare! I finally managed to get the two clustered over our layer2 network with no errors, (by factory reset and...
View ArticleFilter specific traffic on policy-based VPN
Hi, We have the following setup: ** Policy Based VPN between a SRX 1400 and a Palo-Alto. Extra info on why we are using Policy-Based VPN: 1- We need one phase2 per local/remote network pair...
View ArticleHow to configure srx220 for 2 access points
I would like to configure a SRX 220 for 2 separate (aftermarket) access points. Please let me know if anything sticks out that I have missed I haven't tried this configuration yet, but hoped to run it...
View ArticleRe: Filter specific traffic on policy-based VPN
In order to do more specific filtering than just the matched subnets you need to have a route based vpn. The policy based vpn policy is used to create the proxy-id pairs and these only work when they...
View ArticleRe: Filter specific traffic on policy-based VPN
Hi Steve, to be honest, I think we can probably upgrade. We have a cluster of 2 nodes. Technically we should be able to upgrade without any downtime right? Any suggestions on what is the safest...
View ArticleRe: Filter specific traffic on policy-based VPN
Yes, ISSU is supported on the Data Center series devices. https://kb.juniper.net/InfoCenter/index?page=content&id=KB20959 Do review the release notes for the new version carefully for the upgrade...
View ArticleRe: Filter specific traffic on policy-based VPN
Hi Steve, I'm preparing this, one last thing: There is a NOTE on the doc you mentioned: TSB16905 - On SRX High-End platforms, when NAT is configured, ISSU upgrade from 12.1X46-D40 to any higher...
View ArticleRe: Filter specific traffic on policy-based VPN
Yes, that is how I read this TBS as well, your version is not affected per the notes on the bottom. Other releases in 12.1X46 besides D40 do not have this issue and can perform ISSU to higher releases...
View ArticleRe: error: Could not connect to node1 : No route to host - after power failure
Hello , The errors provided are not problematic as they are "Scheduler Oinker" mesaages which is thown when the resources are freed in SRX . But our main issue is that the dataplane failover is having...
View Article