Re: SRX300 and VPN tunnel interface
Hello , As of now I have not seen any limitation on number of secure tunnel . I created till st0.500 .
View ArticleRe: Static binding and srx100
Hello , For static binding , the clear will not help , we may need to change them in configuration .More details :...
View ArticleRe: Static binding and srx100
Tried the above however it comes back saying missing mandatory statement 'network'Also it doesn't show the current bindings. If I go show configuration it shows me the the dhcp pool details then the...
View ArticleRe: No ping from LAN after add routing-instances
A more global rule : filter FILTR{ term permit { from { protocol icmp; } then { accept; } } term 1 { from { source-address { 10.109.1.30/32; } } then { routing-instance ISP2; } } term 2 { from {...
View ArticleRe: srx 240: permit any to any inside traffic desn't work
I applied the suggested nat, but doesn't work and even ping has stopped working.
View ArticleRe: syn-ack-ack and limit session
The screen options you reference do not overlap, as they are designed to protect against two different types of attacks. Let me start with the syn-ack-ack proxy.This is designed to protect a server...
View ArticleSSH failed to delete .perm file
Hello After I upgraded SRX100 software to version 12.1X46-D55.3, then I started to see following log messages after I login usin SSH. Mar 3 09:26:20 xxx-xxx sshd[15082]: unlink(): failed to delete...
View ArticleRe: srx 240: permit any to any inside traffic desn't work
from-zone trust to-zone trust {This policy allows traffic to flow between the interfaces in the same zone, not through the device. So you need another policy. Of course add an interface to that zone...
View ArticleMACsec silently fails on SRX300 -- security hole?
Per the data sheet, the SRX300 supports MACsec on 2 ports. The documentation doesn't say which. For the avoidance of doubt I've tried this both on one of the obvious likely candidates (the two SFP...
View ArticleRe: SRX300 series VLAN interface
Yes the voip client appears to get an ip. If I connect a PC I also get an ip from DHCP but am unable to get outroot@ellisisland> show interfaces irb.211 Logical interface irb.211 (Index 73) (SNMP...
View ArticleHow to log UTM blocked and permitted-logged URLs?
I need to see what URLs are being blocked by UTM using Enhanced WF.
View ArticleClik here to view.
Re: srx 240: permit any to any inside traffic desn't work
Unfortunately I cannot add another interface on srx. in the network figure you can see that network 10.246.1.0/16 and network 192.168.254.0/24 are connected to SRX on only one interface ge-0/0/0:SRX is...
View ArticleRe: How to log UTM blocked and permitted-logged URLs?
Hi, If you are using stream mode logging and sending your traffic logs to a syslog server, match the logs on the server with "RT_UTM" and you will be able to see all activities of the UTM on traffic...
View ArticleRe: SSH failed to delete .perm file
Hi, These messages are cosmetic and there is no need to worry about them. Whenever a remote user logs in (via RADIUS/TACACS+), authorization attributes are saved on the box as .perm file...
View ArticleDHCP, SRX320 and out of my depth
Hello All,I'm sure someone will look at this for about ten seconds and spot my issue. So if you're out there, I appreciate your help in advance. This is my first foray in to Junos/SRX as I'm replacing...
View ArticleRe: DHCP, SRX320 and out of my depth
Hi, I see that the SRX320 is running version 15.1X49-D45.You are using DHCP configuration on the SRX.The DHCP config has ben deprecated from 15.1X49-D60 and JDHCP has replced it...
View Articlesyslogs for a specific routing instance
folksdoes anyone know if its possible to separate the logs for a particular routing instance and its rules from the master and other instances?thanks to anyone taking the time to reply
View ArticleRe: syslogs for a specific routing instance
Hi, If you want to get the traffic logs from just one particular routing instance, I do not think that would be possible. Regards,Sahil Sharma---------------------------------------------------Please...
View ArticleRe: srx 240: permit any to any inside traffic desn't work
The interface on the SRX that goes to the Internet should be in an internet/external/untrust zone. You need a policy from zone trst to zone untrust to permit all traffic for now until you chose to make...
View Article