Re: SRX 300 series JSB / JSE licence
Hi, As of now, the licensing has not been implemented. So essentially you will be getting all the features on the box. Regards,Sahil Sharma---------------------------------------------------Please mark...
View ArticleClik here to view.
Design a redundant network
Hi! I need some help figuring out the best configuration scenario for my network. Please have a look at the attached image as I’ll refer to it. I have a two ISP setup with BGP to both peers. My SRX...
View ArticleRe: SRX 300 series JSB / JSE licence
Hi, You are required to buy either a JSB, JSE or JSB-L license when buying a SRX300 series firewall. JSB: Firewall, routing, NAT, VPN and Junos "basics" (automation etc.) and MPLSJSE: JSB + Application...
View ArticleRe: SRX 3600 MSS Drop
I've found that the screen settings are a much better solution to fighting issues like syn attacks than firewall filters because of the nature of these attacks. The issue with filters is the changing...
View ArticleRe: Configure Virtual Router on SRX
I think the real feature you want is a icense to Logical systems (only on SRX) that create a logical SRX inside the chassis that can easily be sub-managed by a user account....
View ArticleRe: Configure Virtual Router on SRX
An extra note regarding logical systems on SRX. This is only supported by highend SRX platforms (SRX1400/3400/3600/5000 series) -not branch (srx100/200/300/550/650) series and SRX4100/4200. From what I...
View ArticleRe: Configure Virtual Router on SRX
Hi Folks,To add.. there are differences between instance type virtual-router and Logical System deployments. With Logical System configuration the box will spin individual rpd daemon for every LS...
View ArticleLog when ISP is down
Is there any way to obtain a log when I lose Internet conectivity from one of my two ISPs? I was thinking in something similar to rpm services: when SRX send ICMP packets to an Internet host and this...
View ArticleRe: Log when ISP is down
Hello, You can explore the IP Monitoring feature on SRX devices. https://www.juniper.net/techpubs/en_US/junos12.1x46/information-products/pathway-pages/security/security-ip-monitoring.html#overview...
View ArticleSRX650 support CGNAT?
I read that some of the larger SRX units support CGNAT, do the smaller ones support it as well? Also, do all SRX units support MPLS?
View Articletraceoptions only showing dropped packets inspite of applying basic-datapath...
Customer configured traceoptions in SRX 3400. But when he see show log <file name for traceoption> he only sees dropped packet, however he has configured with flag basic-datapath. I can see...
View ArticlePolicy based site2site VPN no traffic
Good morning (o; First of all...I'm pretty new to SRX devices.... I've setup a site-to-site policy-based VPN with the help of the online configuration tool, and from what I can tell the VPN is up and...
View ArticleRe: Policy based site2site VPN no traffic
Hello, Second line indicates that Source IP 10.0.100.2 port 49184 is NATed to Y.Y.90.159 port 21771.Since it is a policy based VPN, I assume that you do not intend to NAT the traffic & due to some...
View ArticleRe: DHCP lease time not being respected
look its a open worldi will not die if i dont get help but if one wants to help then help and if not then don't help i have been using my junper router for 4 years and i am more familiar with the...
View ArticleClik here to view.
unable to ping to SRX self ip across different routing instance
Hi Friends, i'm facing a strange issue in lab, bascially my setup is like below: The requirement is on EX4550, ping between the vlan.30(default routing-instance) and vlan.80 (belongs to...
View ArticleRe: traceoptions only showing dropped packets inspite of applying...
Hi, Please assist me with the above issue.
View ArticleRe: traceoptions only showing dropped packets inspite of applying...
Do you have "security datapath-debug" is configured and active in this box?
View ArticleRe: Dynamic VPN - Users Change Own Password
Bumping up one more time before I contact JTAC....
View ArticleClik here to view.
Re: SRX 3600 MSS Drop
Thank you so much , i checked a little for our network characteristic we have thousands of syn packet every second is there a way to limit a range the syn mtu between 1000-1800 on mx ?...
View ArticleRe: Remove address-book from group address
I cannot seem to remove an adress book entry from my SRX220. I use the Gui and the change won't commit. So It try from the CLI. My Config is thus (without x's): security-zone Internet { address-book {...
View Article