Re: SRX100 - Routing/Policy issue pinging IP past gateway in different Zone
Do you see a flow session created?
View ArticleRe: SRX firewall routing configuration
could you help me to understand the different functionality of the 2 definitions 1- set routing-instances Main-VR routing-options static route 2- routing-options static routeWhen you create a routing...
View ArticleSSG to SRX Migration concepts
Hello,i am new to juniper and please I need assistance to migrate the configuration from 1 SSG140 to cluster of two SRX240.Currently i have one SSG 140 firewall that has two internet links and one...
View ArticleRe: Internet through Central Office
You have the VPN setup using proxy id set security ipsec vpn IPSEC-VPN ike proxy-identity local 10.123.9.0/24 set security ipsec vpn IPSEC-VPN ike proxy-identity remote 10.123.3.0/24As a result the...
View ArticleRe: reboot srx 240
Perhaps the brute force login attempt check is enabled. If so, the lockout is because outsiders are trying to access the SRX. Be sure to have the appropriate restrictions to prevent access on the WAN...
View ArticleRe: New DHCP Server not responding.
I have a similar problem on 15.1X49-D70. Only some DHCP requests are replied (after a while) some not.The old ssg140 firewall is working fine in the same position. admin@srx# run show dhcp server...
View ArticleActive-directory-integration
Hi All,I am trying to configure active directory with srx.I see security groups of active directory But I can not see OU of active directory,So Is it possible to see ou from srx or not ? If it...
View ArticleRe: Route-lookup for x.x.x.x yielded reject NH
Do you have other routing protocols setup here that may have a more specific route that includes the 10.64.0.72 address? Do a route lookup for this address and see how many hits there are. show route...
View ArticleRe: srx340 as a switch and gateway router
There was a major change in how layer 2 services are configured in Junos for the SRX. You can try first to run your SRX configuration through the ELS translator to get the "Enhanced Layer 2 Services"...
View ArticleRe: SRX100 - Routing/Policy issue pinging IP past gateway in different Zone
This could be either a missing policy that blocks the traffic on the default block policy or a routing issue between zone 54 and this host. Does a trace route go part of the way and indicate where the...
View ArticleSend Logins and config-Changes to Syslog (CLI and J-Web)
Hi Guys, is it possible to configure the SRX to send every "change" done via CLI and J-Web to a Syslog-Server so you can check who edited what and when? On our EX-Switches we solved the "show who...
View ArticleRe: Send Logins and config-Changes to Syslog (CLI and J-Web)
I'm not familiar with configuration like this but I would suugest that beside configuring the event-options policy trap , you can configure : set system archival configuration transfer-on-commit...
View ArticleSite to Site VPN between a SRX w/dynamic IP to SRX w/static IP
Hi Guys,I have requirement for site to site VPN between SRX like this diagram :ServerFarm----------SRX210 ---------internet cloud————————ISP Router ---------SRX300————PC (static IP) (Dynamic IP)...
View ArticleRe: Send Logins and config-Changes to Syslog (CLI and J-Web)
Hi Abed, we already have system archival in place for every commit - however that goes to the "archival" Server - and the Customer wants the Monitoring Team to be able to tell from the Logs in the SIEM...
View ArticleRe: Site to Site VPN between a SRX w/dynamic IP to SRX w/static IP
- Have you configured static route on the SRX210 machine towards the SRX300 site ?"set routing-options static route 193.x.x.0/24 next-hop st0.100"- Did you connect the SRX300 to a DMZ port in the ISP...
View ArticleRe: Site to Site VPN between a SRX w/dynamic IP to SRX w/static IP
Thank you for the quick response. I do have the static route configure. The ISP router has 4 ethernet port on it which I cannot make any configuration to it. I do know that ssh, ping, and http is...
View ArticleReplacing SRX Appliance
Hi I consideriing replacing my current SRX 220H2 by a SRX320.I asked the J-TAC if my current configuration is compatible or cant be migrated to the SRX320. They say that it is out of thier scope and...
View ArticleDestination NAT, JSRX210, rule-set rs1 and rule-set rs2 have same context....
Hello again. Recently, I configured remote access to my ESXi servers, which are behind the JSRX 210. I used those commands, and everything works great (x.x.x.x is my public address): edit security nat...
View ArticleRe: Replacing SRX Appliance
I don't remember any config differences between them (not sure if there is vlan to Irb change with 3xx). if you post a sanitized config here we can take a look.
View Article