Re: design solution
hello , Yes , you are connect , One link from each node to the switch stack . I hope the Switch stacks are in redundancy mode
View ArticleRe: SRX 100 High CPU with small traffic
I have more info.At the moment then CPU was increased, one guy was downloading 3GB ISO file from on site to another throuth VPN IPsec. P.S Thank for the answer, i try this commands.
View ArticleRoute-Based VPN - Traffic forwarded in Incorrect VPN
Hi Having an issue with Route-Based VPN. Traffic is being forwarded in incorrect VPN. Setup:+ Juniper SRX 650 Cluster+ Two VPN Tunnels towards remote location with Primary/Secondary setup. +...
View ArticleRe: Route-Based VPN - Traffic forwarded in Incorrect VPN
Hi, can you please send the config of the FF ?also make sure that the FF in attached to the internal interface
View ArticleRe: SRX routing with redundant connections
Hi, One potential challenge in this setup is asymmetrical routing. Since the SRXs are not in HA cluster and firewalls are stateful, this may cause issues of non-stateful sessions for return traffic...
View ArticleRe: Route-Based VPN - Traffic forwarded in Incorrect VPN
Hi Jonathan, set routing-instances West-New instance-type forwardingset routing-instances West-New routing-options static route 0.0.0.0/0 next-hop st0.3set routing-instances West-New routing-options...
View ArticleBGP neighborship delay after flap
Hi Guys, hoping someone can help me, I've noticed that if I have a BGP neighbor flap on my SRX210H2's, the device starts a timer and waits just over 30 seconds before trying to establish the BGP...
View ArticleRe: SRX routing with redundant connections
Joses, The next hop is different for both links. Its true link diversity. I'm sure the do combine at some point but I have different next hop for both since I have different circuits. What we want to...
View ArticleRe: interface nat 'port-overloading off' - what does it mean?
Pk, I'm happy that I have found your post. Great explanation! Thank you!
View ArticleSRX 650 with dual ISP
hello champions, please advise with attached design as srx-650 with dual isp (BGP failover ) ihave two subnet in lan 10.10.10.0/24 & 20.20.20.0/24 10.10.10.0/24 will routed to ISP-1 &...
View ArticleRe: SRX 650 with dual ISP
This will be the basic configuration example for dual ISP with Filter based forwarding and failover. https://kb.juniper.net/InfoCenter/index?page=content&id=KB22052
View ArticleRe: srx5400 HA cluster and dual SPC
Hello. I was specifically talking about dual control links (control port 0) with two pairs of SPCs. So two of SPCs per device connected to other two SPCs using control port 0 on all SPCs. The topic in...
View ArticleRe: SRX 240 cluster nflow problem
Perhaps you need to apply the filter to the physical interfaces instead of the reth interface.
View ArticleRe: SRX240 Can't commit changes
The internal flash drives of these branch SRX are not replacable when they fail. But you can try to boot from USB instead. If you have access to a running SRX240 you can make a snapshot to USB. Then...
View ArticleFailover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP Line
Dear Friends,I am facing an issue with Cisco switch- Juniper SRX650 failoverI have 2 Nos 3750 stack switch- connected to SRX650(2 No's) Juniper devices with Failover Let me explain the internal switch...
View ArticleRe: Failover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP...
How are you testing failover?Are you shutting the port channel and interfaces down completely? When you do this, does the route change on the cisco side (i.e does it remove the first default route?)The...
View ArticleRe: Failover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP...
We manually switch active primary Firewall to secondary,So secondary Firewall came active mode . But the traffic to switch is not happenig "Automatic"But when I manually shutdown and enable LACP in...
View ArticleClik here to view.
SRX110 connectivity
Hi, I'm connected to internet with a router and I'm trying to configure a SRX110 behind, then without use the wan port, but something don't works correctly.It's possible use this device using normal...
View ArticleRe: Failover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP...
Something doesnt seem correct hereAre the 2 SRX's in an HA configuration? If not, then i am not sure how you switch the firewalls over, but at the moment your configurations have 192.168.50.0/24 going...
View ArticleClik here to view.
Re: Failover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP...
Hi, Firewall SRX is configured with HA.I powered Off Active Firewall Node to test failover , In that case Failover is working since I can access firewall through Pulic IP. But it is not communicating...
View Article