Re: Upgrading from 12.1X44-D40 to 12.1X46-D60 fails
Tryloader> install --format tftp://<tftp server>/<Junos package name>
View ArticleRe: UTM Services to High Ends SRXs.
"Starting in Junos OS Release 12.1X46-D10, Sophos antivirus, antispam, and content filtering features are supported on all SRX Series devices."...
View ArticleRe: UTM Services to High Ends SRXs.
WDUDYS,Tks a lot for your response!!!Do you know if there any solution for Webfiltering for HIGH-END SRX? Tks,João Victor
View ArticleRe: VPN Rekeying process.
wdudys,Tks a lot for your answer. Good to know about the soft and hard timers. Tks,João Victor
View ArticleRe: UTM Services to High Ends SRXs.
Check this linkhttps://www.juniper.net/techpubs/en_US/junos15.1/topics/reference/general/j-srx-series-software-license-features.html I guess local and websense redirect are also supported as they don't...
View ArticleClik here to view.
Re: UTM Services to High Ends SRXs.
Great!!! Tks a lot wdudys!!! Have a nice weekend!!! João Victor
View ArticleLots of tunnels ok but ONE route-based VPN tunnel to Cisco ASA passes data...
I have a situation with ONE partner/supplier using a Cisco ASA where the route-based tunnel between my SRX-240 and the ASA will not stay up for more than a few minutes at a time. I have examined the...
View ArticleRe: SRX Chassis Cluster connects to Nexus 6k via VPC - Issues
Many thanks for your reply, As for the MAC, when I tried to ping reth8.10 192.168.0.168 from Nexus 2 vlan 10 192.168.0.252 - Although ping fails, I can see correct the SRX MAC in Nexus 2 - just exact...
View ArticleRe: SRX Chassis Cluster connects to Nexus 6k via VPC - Issues
Is the MAC learned from the vpc 7 interface on Nexus 2?
View ArticleRe: SRX VPN tunnel with NAT to the Internet
private devices from 172.17.1.0/24 Although technically it will work for either end.
View ArticleRe: SRX VPN tunnel with NAT to the Internet
I think we're not on the same page. According to your configuration, private IP devices from the 172.16.12.0/24 subnet should NOT be able to access the internet. The reason being is that you have NAT...
View ArticleRe: RTPERF_CPU_THRESHOLD_EXCEEDED when 40 Mbps passed to st0.1
Suraj: thank you. I am not using application-tracking:root@a> show configuration security zones | display set | match application-tracking Re MSS, I will perform your test. However, I do not...
View ArticleRe: RTPERF_CPU_THRESHOLD_EXCEEDED when 40 Mbps passed to st0.1
wdudys: I will attempt your configuration, please stand by for results. However, my preference was to avoid fragmentation by setting a lower MTU. With MTU, the packet size restriction is "visible" to...
View ArticleTunnel config for Swap from SRX3600 to SRX5600
Hi I am swapping my SRX3600 cluster to new SRX5600 Cluster.on my cnfiguration I have many IPsec tunnel.Asking: if the copy past of the tunnel configuration like the ike pre-shared-key can work on the...
View ArticleClik here to view.
Re: RTPERF_CPU_THRESHOLD_EXCEEDED when 40 Mbps passed to st0.1
Results attached. Note that the only configuration that made a change was wdudys's MTU/1500 MSS/1388 which reduced bandwidth to 15 Mbps and reduced the load on A. I do not understand how reducing the...
View ArticleRe: Upgrading from 12.1X44-D40 to 12.1X46-D60 fails
If I remember correclty I already tried it and get something like "invalid attribute" but I will check this again!Thanks so far!
View ArticleRe: Tunnel config for Swap from SRX3600 to SRX5600
Yes, copy config using "show configuration| display set" and then apply the same on new device using "load set terminal" command.
View ArticleRe: Apple iPhone/iPad VPN to Juniper SRX - now possible!
Hello, can I make my own sertifiate not from authorised certification center?
View ArticleRe: SRX VPN tunnel with NAT to the Internet
On the side of the VPN tunnel is the 172.17.1.0/24 network. I they want to get to the 172.16.12.0/24 network they need to go through the VPN tunnel IPSEC-VPN. I f the traffic is destined for any...
View ArticleRe: SRX VPN tunnel with NAT to the Internet
Can you even ping 172.17.1.1 from a host? If yes, then set up a flow trace in security -> flow -> traceoptions so we can see what happens when a host tries to go out to the internet.
View Article