Clik here to view.
IPsec VPN traffic from outside subnets
Hello everyone, I would like to know if it's possible to connect local networks which aren't connected directly to the firewall. E.g.: We have one Juniper at our office and on other end, another...
View ArticleRe: IPsec VPN traffic from outside subnets
Hello there,Short answer - yes it is possible.Long answer - it is possible, route-based IPSec VPN with routing protocol running through the tunnel is very much preferred in this scenario. If your...
View ArticleSRX-100 and USB Cellular modem, not working
We have a Sierra Wireless 319U that works fine on my laptop.I am trying to make it work on the SRX. We are using profile 4. The power is on the USB 319U, but the data never goes solid, it just blinks,...
View ArticleRe: IPsec VPN traffic from outside subnets
Thanks Alex! In the first instance, we are going to try on static routing. Gotta try GRE stuff if it doesn't work
View ArticleRe: Port Overloading factor with overflow
Hi Suraj, Thanks for the reply.But I went through the Kb earlier, this talks about the procedure followed to allocate a bucket defined using POF command.That is understood, but what to do if the bucket...
View ArticleRe: Junos Hidden Commands
Comand to convert HA from Active-Active[default mode] to Active-backup. set chassis cluster redundancy-mode active-backup Yes, this is a hidden command but is very handy in releasing NAT...
View ArticleRe: Filter Based Forwarding to Specific Outgoing Interface on SRX
I don't think this is possible on the SRX. The outgoing interface won't match the one in the session table if you do this, have to try it to be sure!
View ArticleRe: SRX-100 and USB Cellular modem, not working
Hi, Try to follow this PDF document, and see if it helps:...
View ArticleRe: CPU spikes on data plane caused by security monitoring
This is occurring every 5-30 seconds when network usage is at it's highest demand. During low periods it still occurs, however not nearly as often. JunOS 12.1R7.9...
View ArticleRe: CPU spikes on data plane caused by security monitoring
I'm running 7 VPN tunnels, all set with MTU 1436 (6 of them are with AWS). MSS on all the tunnels is already set to 1387, however I will play around with this number and see what happens.
View ArticleRe: SRX240 cluster at 2 sites
How is your both sites' connectivity with ISPs? Are you using BGP ? if YES then perhaps you can tune it. It would be better if you paste the configuration. Thanks,MYN
View ArticleRe: Failover to backup SRX in cluster. Reth interfaces in zones and Natting
Hi, From your configuratino, it should failover. One simple question, did you commit the config after disabling the child interface of reth0 ? In JunOS, configuration takes effect only after commit....
View ArticleVDSL G.993.5 (G.vector) and G.INP support on SRX 110VA and VDLS PIM
Does any SRX support VDSL G.993.5 (G.vector) and G.INP ? These two protocols are mandatory for any equipmet connected FTTN links in Australia.
View ArticleFQDN Security Policy Problem (A-Records missing from lookup)
So, i tried to make a FQDN security policy to allow one of our servers to fetch owncloud updates. The policy looks like this xxx@yyy> show configuration security policies from-zone perimeter1...
View ArticleRe: FQDN Security Policy Problem (A-Records missing from lookup)
What is your DNS server settings ? Try to increse the size of DNS packet under security set security alg dns maximum-message-length 8192It would be better if you share DNS configuration. Thanks,MYN
View ArticleRe: FQDN Security Policy Problem (A-Records missing from lookup)
I don't know what's that got to do with my question (if you address the issue with truncated DNS packets, that's been solved for ages), but for the sake of completeness: xxx@yyy> show configuration...
View ArticleRe: SRX- 650 || Policy Based VPN || Communication Issue
Hi, In policy based VPN proxy IDs are matched on local and remote sites. I believe you have defined correct proxy-id on both sites that is why you're able to ping from LAN to LAN. The reason why you're...
View ArticleRe: FQDN Security Policy Problem (A-Records missing from lookup)
The issue seems to be that every lookup for s3-1-w.amazonaws.com returns a different A-record almost every time. The SRX on the other hand seems to lookup just once and persist that IP address in the...
View ArticleClik here to view.
SRX210 Booting from backup image 10.0R3.10
Rank amateur alert! I have a spare SRX210 which is booting from the backup image. It had previously been ok but i think a sudden power outage killed it. I want to be able to put the latest software on...
View Article