policy-statement and from rib matching
Hi, Is there a reason this policy doesn't work? prefix-list routes-from-main { 1.1.1.0/24; } policy-statement accept-from-main { term ok { from { rib inet.0; prefix-list routes-from-main; } then...
View ArticleRe: policy-statement and from rib matching
Hello,"from rib" is mainly used in BGP export policies - for example, when You have BGP-LU using inet.3 and BGP inet unicast using inet.0, You may want to apply different match criteria on export....
View ArticleRe: Fortigate 800C - SRX 240 ike problem
Hello, groovee wrote:P.S.It is route based VPN on both sides.Have You included stX.Y subinterface on SRX side into appropriate security zone and have You added security policy/ies allowing traffic to...
View ArticleRe: policy-statement and from rib matching
instance-import is meant for only user-defined routing instance not for default master routing instance . Its an import policy meant for VRF instance RIB's not global instance rib's like inet.0 I...
View ArticleRe: Fortigate 800C - SRX 240 ike problem
@spuluka: Yes, I've configured explict proposals package @aarseniev: Bingo! The simplest reason - tunnel interface was not in security zone. Why on earth such debug in Juniper (No proposal choosen)??...
View ArticleRe: SRX110 connectivity
I understand this, but the real problem isn't how to set dhcp server, for the moment I need to connect only one device, then I can assign i fixed IP; it's impossible to surf web connected to firewall...
View ArticleRe: SRX110 connectivity
You need both a security policy and a nat policy setup. Change the zone names to the ones you have assigned to the internet and internal interfaces. security policies from-zone trust to-zone untrust {...
View ArticleRe: policy-statement and from rib matching
Hello, Vincy wrote:instance-import is meant for only user-defined routing instance not for default master routing instance . Not true, one can import from inet.0 into VR (Virtual Router) instance...
View ArticleClik here to view.
Re: SRX 300 - DHCP subsystem not running
Hi, I am also using 15.1X49-D60.7 but still can't get a dhcp address.our configuration is SRX320 in a chassis cluster, and we are trying to get a dhcp allocation on a reth interface this is our...
View ArticleRe: policy-statement and from rib matching
Hi aarseniev, can you please clarify how I can import from inet.0 to another virtual router instance?policy-statement accept-from-main { term ok { from { instance inet.0; prefix-list routes-from-main;...
View ArticleRe: SRX110 connectivity
Really I get in panic.... Now I have## Last changed: 2016-11-15 15:33:44 UTC version 12.1X44-D35.5; system { host-name Axel_firewall; root-authentication { encrypted-password "secret"; } name-server {...
View ArticleClik here to view.
Re: policy-statement and from rib matching
Hello,Easy policy-statement accept-from-main { term ok { from { instance master; prefix-list routes-from-main; } then accept; } term reject-rest { then reject; } } HTHThxAlex
View ArticleClik here to view.
Re: policy-statement and from rib matching
I'm at loss of words.. Simply beautiful! Thanks!
View ArticleRe: SRX110 connectivity
I make a factory default, reconfigured and now I'm connected to internet, but I can't open page (time-out every time)
View ArticleHow to solve that several VR can access the same reth0 vlan for untrust
I have several VRs on an SRX.The untrust is on reth0 vlan 10But i cant create reth0 unit 10 vlan-id 10 and at the same time unit 11 vlanid-10 to hook these up to different VRs.Any suggestion on how to...
View Articlerouting instance and ospf
Hello! Trying to configure ospf on srx100 device with routing-instance enabled, everything works fine between devices without routing instance. show routing-instances cifra1 { instance-type...
View ArticleRe: SRX110 connectivity
When you say pages can't load can you be more specific? Does DNS work?
View ArticleRe: How to solve that several VR can access the same reth0 vlan for untrust
I'm not sure, but based on your description I am guessing you have internet on one VR and want to use this in a separate VR for the upstream traffic. If that is the case, then you probably can use...
View ArticleClik here to view.
Re: Failover not forwarding Traffic to Cisco 3750 from Juniper SRX 650- LACP...
Dear Friend, I am little bit slow in Juniper config so am here for a solution ... As per my view while failover testing happening POR CHANNEL 2 change to PORT CHANNEL 4 in switch side, but still...
View ArticleTransparent mode support SRX340 or not
Hi Guys, I am new with Juniper firewalls, i have a juniper firewall SRX340 (Junos 15.1X49-D45) and trying to configure it as Transparent mode. IS this series support transparent mode or should go with...
View Article