Re: Completely spoofed traffic
If my answer was contained inside a binary executable that you'd have to download from some random place on the internet, would you run the executable?
View ArticleRe: Site-to-Site VPN with Inline Transparent Web Filter
On the datacenter side you could terminate the VPN into a separate virtual router with its own routing table which would have routes like this:172.29.0.0/21 -> 2.2.2.2 via st0.x0.0.0.0/0 ->...
View ArticleRe: Completely spoofed traffic
you do not need to download it , share your teory.Also if you should solve i should give the c++ source
View ArticleRe: RT_ALT_WRN_CFG_NEED: MSRPC ALG detected packet; needs extra policy
In simple words ALG do a dynamic Port opening based on the application type. By default MSRPC alg is enabled on Junos devices and the error message you seeing could be some software issue needs...
View ArticleLoopback Mtu Problem
Hello colleagues, I have a problem ,in my case i'm using loopback in my bgp scheme and i configured nat and everything seems like working fine but when i connect to various web-sites i'have a MTU...
View ArticleRe: Loopback Mtu Problem
root# set security flow tcp-mss all-tcp mss 1350root# commitThis will make sure the TCP connections are negotiated with MSS of 1350 irrespective of the higher MTU. You may try lowering the value to...
View ArticleRe: RT_ALT_WRN_CFG_NEED: MSRPC ALG detected packet; needs extra policy
Can you explain to me: why is the juniper blocking any traffic when I specify I want to allow any source address, any destination address, any application, and any source-identity? If you are NOT using...
View ArticleRe: Loopback Mtu Problem
So If I use that command in SRX which is now working in production, can that interrupt current tcp sessions ?
View ArticleUpgrading from 12.1X44-D40 to 12.1X46-D60 fails
Hey community, because there ist no warranty or no active support for my SRX100H I need your help. I wanted to upgrade my SRX to 12.1X46. Everythings looks good but after reboot I get the messages:...
View ArticleRe: Upgrading from 12.1X44-D40 to 12.1X46-D60 fails
I recently did this to get an SRX240H2 up to 12.3X48. I first had to upgrade to 12.1X46D25 then I could get to 12.3X48.
View ArticleSRX VPN tunnel with NAT to the Internet
I have been trying to get this going for a number of days and just cannot get it to work. I want VPN traffic destined through the tunnel to go through and all Internet based traffic to be NATed and...
View ArticleRe: SRX300 Slow When Connecting Through Switch
I’m sorry, but, for all intents and purposes, we need to assume the switch is unmanageable at this time.
View ArticleRe: SRX Chassis Cluster connects to Nexus 6k via VPC - Issues
On the SRX side, I think redundancy group 1 should monitor member interfaces, not the reth. Should the member interfaces on node 0 go down, you want the redundancy group to fail over to node 1.Your set...
View ArticleRe: SRX300 Slow When Connecting Through Switch
Ok. Try a different switch and see if you get the same results.
View ArticleRe: L2TP windows VPN through SRX
Hello, The session table information looks incorrect. With a destination NAT, session should be something like: In: 151.**.**.**/500 --> 10.10.10.2/500;udp, If: ge-0/0/5.0, Pkts: 2, Bytes: 692In:...
View ArticleRe: SRX240 Internet Speed slow
Were you able to find the solution, running SRX340 with similar issues . We have IPsec tunnels back to main Data center for all the traffice. Upload is fine but download is low as 1.2MB on 50MB...
View ArticleUTM Services to High Ends SRXs.
Hi All,i´m studying to JNCIS-SEC and i´m studying the UTM subject and so raised a question: For Branch devices there a lot of UTM services (Antispam, Antivirus, webfiltering, etc). But, and about the...
View ArticleRe: L2TP windows VPN through SRX
Hi, thanks for replying Here is what i see with our current PPTP connection using the destination NAT Session ID: 31128, Policy name: VPN_PPTP/40, Timeout: 1750, Valid In: 86.**.**.**/55530 -->...
View ArticleVPN Rekeying process.
Hi all,we are monitoring the traffic consumption through the PRTG monitor server and we have noted that the traffic suddenly go to 0 traffic for a few seconds. I would like to know if this are ocurring...
View ArticleRe: VPN Rekeying process.
Rekeying should not interrupt traffic. There are two timers for every IPSEC SA pair. Soft and hard. Hard timer is the lifetime-seconds parameter you configure under ipsec proposal. By default 3600s....
View Article