Re: Recommended IKE and IPSEC Security Parameters
Hi, These parameters depend on what you want to configure. You can go with the ones mentioned in the example...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi sahilsha, In the syslog server itself (SIEM) it cannot see the syslog such as change log, interactive-command n etc in mode stream. But it not have issue on session flow log. Is it the limitation of...
View ArticleRe: SRX650 CPU utilization
Is there this problem on SRX running junos 12.1x44? because of cpu usage of my firewall sometimes is very high.
View ArticleRe: SIEM cannot received log when SRX using stream mode?
The logs you are looking for require a configuration under system syslog to send. https://www.juniper.net/documentation/en_US/junos12.1x46/topics/concept/security-system-log-message-overview.html Your...
View ArticleRe: L2TP through SRX
The session is showing that the udp 500 traffic is properly permitted and NAT is working here. Session ID: 316147, Policy name: VPN_PPTP/40, Timeout: 36, Valid In: 82.132.227.76/627 -->...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Spuluka, Thanks for the url given. I'm already read that url given and it;s look like it some of limitation when we use mode stream right? Please corrrect me if i wrong cause my english not so good....
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Yes, on the SRX in Stream mode you need to have TWO configuration stanza setup per those instructions in order to get all of the syslog messages. You appear to need to add the system syslog one from...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Supuluka, When u said "TWO configuration stanza setup " are u refer to which part? Below is my config. Can u advise me what need to change to make sure on SIEM can see both syslog on Control Plan...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
I think you need these two stanzas:control plane logs - remove the match for flowhost 7.7.7.1 { see log RT-FLOW any any; change-log any; interactive-commands any; source-address x.x.x.x;...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Spuluka, If i enable the control plane log then the SIEM cannot received security log. That's a reason i deactivate the control plane logs. Your SIEM can see both log at same time? Thanks and...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Yes, at a previous company we did have all logging working to Q-radar SEIM. I think you issue with the syslog stanza having the match condition added. This can tend to restrict what messages are sent.
View ArticleRe: Link connection between two Virtual Router on SRX220
I"m confused because you original message:From Host 1 traffic can reach to Host 2 and reverse. But with series SRX220, logical lt- interface do NOT support, so do have any solution to connect two VRs?...
View ArticleBug Reintroduced on Dynamic VPN
Hi there! Was Dynamic VPN bugs reintroduced in version 12.3X48-D40.5?Running 12.3X48-D40.5 on SRX240H2....
View ArticleRe: Bug Reintroduced on Dynamic VPN
Hi Folks, 12.3X48-D40.5 should have the fix for BUG 1135780. The observation seen could be due to some other trigger. I would suggest you to open a JTAC case to isolate it further.
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Spuluka, But the config match RT_FLOW is deactivate. How it can restrict the syslog to SIEM? inactive: match RT_FLOW_SESSION; Thanks
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Folks,I could find some interesting information, The traffic events in stream mode must be sent from one of the revenue ports. Using management ports such as fxp0 (or a revenue port in...
View ArticleRe: SIEM cannot received log when SRX using stream mode?
Hi Phyton, I'm use reth interface as source address to send log to SIEM. Thanks
View ArticleRe: Bug Reintroduced on Dynamic VPN
Unfortunately it works only and only if you insert your external interfaces under "system services web-management".Otherwise you will get errors like "ERR_TOO_MANY_REDIRECTS" pointing your browser to...
View ArticleRe: L2TP through SRX
Hi Spuluka, I managed to get it working in the end, one of the main problems was that i needed to edit the registry on my windows box https://support.microsoft.com/en-gb/kb/926179 Thanks so much for...
View ArticleProxy IDs (traffic Selector) of 0.0.0.0
hello,I have already asked similar questions 1 year ago without getting feedback;here it is again with other words : 1) when using routed-based VPNs, defining proxy ids can be cumbersome if you have...
View Article