Re: Remove address-book from group address
Hi Scott, basically you are mixing up address book entries and address-sets (groups). Your command "delete security zones security-zone internet address-book address-set address Dave_home 70.x.x.x/32"...
View ArticleSRX340 Dynamic VPN
Hi all, i have upgraded my SRX340 to the latest 15.1x49-D70.3 Junos, and i have referened the below link to setup dynamic VPN, however, i couldn't access the https://<wan ip>/dynamic-vpn to...
View ArticleUnwanted traffic hitting external interface proxy arp addresses
Hi, I have a fixed external ip on the external interface of our SRX device, I recently set up a default deny rule so i can monitor traffic on a syslog server. I am seeing lots of telnet and ssh traffic...
View ArticleRe: Unwanted traffic hitting external interface proxy arp addresses
Hi, Traffic being destined to the proxied IP on the SRX has nothing to do with the configuration.You are getting that traffic as you are proxying for that IP (maybe hosting services) and any traffic...
View ArticleRe: Unwanted traffic hitting external interface proxy arp addresses
Hi, Thanks for taking the time to reply, here is my config set security screen ids-option untrust-screen icmp ping-death set security screen ids-option untrust-screen ip source-route-option set...
View ArticleRe: Unwanted traffic hitting external interface proxy arp addresses
Hi, There nothing wrong with the config as such.The screen thresholds depend on your network and the traffic passing through.There is nothing in the configuration which would force the users on the...
View ArticleRe: SRX340 Dynamic VPN
Hi, Is there any filter on the physical/loopback interface blocking https access ?Is there any security policy from/to junos-host blocking this access ?If the answers are no, then try ">restart...
View ArticleRe: SRX340 Dynamic VPN
On top of sahilsha sahilshas questions, I remember it as you cannot access /dynamic-vpn in the 15.1X49-D70 release. Have you tried connecting with the Pulse Secure client towards your WAN IP and see...
View ArticleRe: SRX340 Dynamic VPN
Dynamic VPN was taken out of the SRX300 line with the 15.x version. Word around the campfire is it will be added back with version 17.x. Hopefully some of the switching functions will also be added....
View ArticleRe: SRX340 Dynamic VPN
i degel3030. That's not fully true - yes, initially it was not present in 15.1X49 but was readded in 15.1X49-D60 due to demand from partners and customers.
View ArticleRe: SRX340 Dynamic VPN
Hi degel3030, Jonas is correct. Dynamic VPN is fully supported from 15.1X49-D60. From the release notes :- Dynamic VPN remote access for Secure Pulse clients to SRX300, SRX320, SRX340, SRX345, and...
View ArticleRe: Log when ISP is down
Hi, You can configure rpm probes on the SRX to monitor reachability to a specific IP on the internet.Syslog mesasges containing "PING_TEST_COMPLETED" and "PING_PROBE_FAILED" would be generated.Please...
View ArticleClik here to view.
Re: Remove address-book from group address
Hi Jonas! Happy New Year to you sir! Well I finally got it to work. Two things -First I had to delete the Policy associated with Dave_home. Then using your given command I was able to delete the...
View ArticleRe: SRX340 Dynamic VPN
Tested with 15.1X49-D70.3 and it works! Thank you Juniper! Now here is hoping for switching functions....Back to OP question, care to share your config?
View ArticleRe: SRX650 support CGNAT?
MPLS support is on all the SRX models. But I"m pretty sure most of the cgnat operations will only work on the High End SRX as they require the SPC installs and configuration. Generally the most...
View ArticleRe: Policy based site2site VPN no traffic
Assuming you have a default outbound source nat policy, you want to add something like this to the nat rule to exclude the VPN traffic. set security nat source rule-set trust-to-untrust rule vpn match...
View ArticleRe: SRX 3600 MSS Drop
Hello,SPDNet wrote: is there a way to limit a range the syn mtu between 1000-1800 on mx ? Yes there is - in JUNOS 14.2 or newer and on MX only (not SRX). Here is my NY gift to You: [edit]...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi sahilsha, Sorry for late reply. Kindly please see attachment for log that u requested, I'm dont know how to anaylysis it. Appreciate your help. Thanks
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi kronicklez, Looks like the SRX is sending the logs as the transmitted bytes are there on the SPUs :- 0: name=TO-SIEM, ip(H)=a446747 (a 44 67 47), port=514, codec=2, sev=7 ip_id=233, tx=233,...
View Article