SRX static Binding using IRB
I have the following DHCP server setup on my IRB. I use the IRB as my layer 3 interface. I am trying to understand how I can do static binding with this configuration. #set system services dhcp...
View ArticleRe: Default-Route Doesn't show up in Forwarding-instance Routing Table.
Hello, So if I understand correctly, you want to use different default-gateway for Guest (on ge-0/0/8) while other traffic should use appropate default route in inet.0 Is my understanding correct?...
View ArticleRe: Brand new SRX300 high CPU usage
@aaron@ARB JTAC resolved your problem? or the case is still open?We are facing the same exact problem with our SRX 300s, thanks for your input.
View ArticleRe: SRX static Binding using IRB
Tried this....still no Joy. Cleared arp table still pulled wrong IP Cleared binding dhcp server for irb still came back and pulled wrong IP @FW1> show configuration | display set | match MS1 set...
View ArticleRe: Default-Route Doesn't show up in Forwarding-instance Routing Table.
That's correct. Guests are on ge-0/0/6. Internet is on ge-0/0/8. On inet.0 I don't want to have a default-route pointing out of ge-0/0/8. There are some VPN end-points that will continue to point out...
View ArticleRe: Brand new SRX300 high CPU usage
Hi, if you read the release notes for 15.1X49-D70...
View ArticleRe: SRX static Binding using IRB
You configure this under "access address-assignment". Example-config: jh@fw# show access address-assignment pool int-guestfamily inet { network 192.168.0.0/24; range scope { low 192.168.0.30; high...
View ArticleRe: Brand new SRX300 high CPU usage
Jonas, Thanks for taking the time to post this. I look forward to reading over the release notes. I see this on my srx300 @ idle as well, high cpu usage that is. We were considering deploying these...
View ArticleRe: Brand new SRX300 high CPU usage
Correct, I had a call logged with JTAC and they sent me D62.1 before it was released. I have been running it for about 2 weeks now without issue. Current time: 2016-12-20 05:30:36 ICT Time Source: NTP...
View ArticleSRX 3600 MSS Drop
Is there any possible way to write a filter for drop mss value is smaller then 1300 or larger then 1800 ? Thank you
View ArticleSYN Attack
Is there any body faced with an attack like that befure : 03:48:13.180659 IP 61.222.68.47.45941 > 178.20.231.250.80: Flags [S], seq 1534189947, win 8192, options [mss 1460,nop,nop,sackOK], length 0...
View ArticleRe: Brand new SRX300 high CPU usage
Thanks a lot for your inputs. We have tested the new version of the firmware, it's true that the high cpu and high memory usage is resolved.But, in our tests, We have seen high latency when you do ping...
View ArticleRe: SRX 3600 MSS Drop
It looks like mss is not a valid option in firewall filters:root# set firewall family inet filter test term 1 from protocol tcp ? Possible completions:<[Enter]> Execute this command +...
View ArticleADVPN with Dual ISP
We are trying to move away from the conventional site-site VPN to ADVPN for 4 of our remote site and their connectivity to our data center. Each of these sites have dual ISP and the ipsec is configured...
View ArticleRe: ADVPN with Dual ISP
Hello, This might give you a fair idea about the necessary configuration. https://www.juniper.net/techpubs/en_US/junos15.1x49/topics/example/security-autovpn-ibgp-active-backup-tunnel-configuring.html...
View ArticleHow to anchor a /32 route and advertise it to BGP peer
Hi, guys, I have a situation that I need your suggestion. I have a one to one static mapping, say: 172.16.1.1 mapped to 1.2.3.4, I have a BGP session over st0 interface, I want to advertise 1.2.3.4/32...
View Articlel2cpd-service is thrashing, not restarted ntpd-service is thrashing, not...
Hello all, These logs are appearing in our SRX240H2.I've never seen these log messages are so don't know how to fix them or why they are appearing. I've tried restarting the ntp service & l2cpd...
View ArticleRe: How to anchor a /32 route and advertise it to BGP peer
Hello, Creating a discard route for the NATed IPs and then redistributing into BGP can help.Can you try the configuration below? routing-options { static { route 1.2.3.4/32 discard; }}policy-options {...
View Article