Re: SRX 320 site-to-site VPN problem
Hi, Policy based VPNs are supported on the 300 series devices starting from 15.1X49-D50....
Allow services on static NATed IP?
Happy Saturday! Junos question for you. My public interface in Untrust zone is vlan.2 with IP (using examples here) 1.1.1.71. I use static NAT for 1.1.1.73 to 10.0.3.13/32. I allow pings to untrust but...
Re: Allow services on static NATed IP?
Hi wq, to allow RDP, ping etc. you just need to create a security policy from untrust to trust with the internal IP as the destination-address in the policy. If you look at the order of packet handling...
Re: Dynamic VPN Network Confusion
The remote protected resources are those networks/resources that are behind the SRX that you want the remote client to get access to. The assignment-pool should preferably not be the same as the...
Re: Allow services on static NATed IP?
LATEST UPDATE: Got it working! See the code below for the change I had to make. I had to delete the static NAT that did not include ports and create static NAT for each port. Alternatively, I could...
Re: Allow services on static NATed IP?
Hi, The reason it is not working is because the port 33389 is not getting changed after the NAT :- Jan 15 01:39:42 01:39:42.813842:CID-0:RT: 23.24.25.26/30877 -> 10.0.3.13/33389 proto 6 This is...
Re: Dynamic VPN Network Confusion
Hi, The first issue, I believe, is that the client's local network and the remote-protected-resources network are the same. I don't see a workaround here unless one of them changes subnet? The local...
Re: Allow services on static NATed IP?
Sahilsha is right. So was jonashauge. Static NAT is processed before DNAT so I had to add mapped-port to static NAT in config. See my previous post for solution.
Re: Strange port forwarding issue - SRX320
As advised by lyndidon marked as resolved as different hardware used. Will update once I test Juniper configuration with now working internal systems. Thanks for the tips lyndidon. Hope they come on...
Re: SRX300 series VLAN interface
Hi All, Like the OP, I am configuring my first srx300. Have upgraded the software to Hostname: fw01 Model: srx300 Junos: 15.1X49-D70.3 JUNOS Software Release [15.1X49-D70.3] My problem is that I am...
Re: IP-Blacklist apply to all interface
Neat trick python!! You could hide the prefix-list and groups or the martians using python's trick!!! set groups TKI interfaces <ge-*> unit <*> family inet filter input TK1 set apply-groups...
Re: SRX 320 site-to-site VPN problem
Hi Folks, I found this tool really helpful, SRX & J Series Site-to-Site VPN Configuration Generator https://www.juniper.net/support/tools/vpnconfig/
Re: traceoptions only showing dropped packets in spite of applying...
show log 001_check Dec 26 15:14:39 15:14:29.088434:CID-01:FPC-01IC-00:THREAD_ID-23:RT: packet dropped, denied by policy Dec 26 15:14:39 15:14:29.088440:CID-01:FPC-01IC-00:THREAD_ID-23:RT: packet...
SRX 650 IDP Signatures Update fails
Hello. I have a problem with signatures update for SRX 650B with Junos: 12.1R6.5. I have this output: node0:--------------------------------------------------------------------------Done;No newer version...
How to save logs from SRX to USB drive directly without save it in srx
Hello, I have to save the log to USB directly. Can it be possible to save the log directly to USB? Please help with this. Thanks
Juniper DAC (copper) cables SRX SRX, EX EX SRX EX
Hi, Any restrictions or spec configs when using these cables in SRX and EX devices with SFP module? THS Regards, Rav
Re: Dynamic VPN Network Confusion
The local clients will be assigned an address from the address-assignment pool. The protected resources behind the SRX would be able to see the pool IP addresses coming in and accessing them. Say my...
Re: Security log flow time zone not same with syslog time zone in SRX58000?
Hi all, I've already rebooted the box but the time zone is still not the same. May I know whether we can manually set the time on the FPC? Thanks, and I would appreciate any feedback
Re: SRX240 Need Help with vlan Routing
That was the problem. I had the gateway on each box pointed to the interface as the next-hop. Once I changed the routing table to point the next-hop to the routable vlan interface on the SRX I could...