Re: replacement for srx100 and srx110
jonashauge wrote: . . . I do not understand your comment regarding the capabilities of JSB and budget option. Applying the same discount I negotiated for JSB-LITE plus VAT (private purchase), then a...
View ArticleRe: VPN Hub and Spoke with IP Dynamic tunnel up but can not ping
Here is policies on Hub and Spoke. Please check help me, thank you.Hubroot@FW# show security policiesfrom-zone Internet to-zone DMZ { policy All_Internet_DMZ { match { source-address any;...
View ArticleRe: LACP on SRX 300
FWIW, I have a VLAN tagged L3 interface on a LAG working on a SRX300 (remote end is a Cisco 3064): me@somebox> show configuration interfaces ae10vlan-tagging;aggregated-ether-options { lacp {...
View ArticleHIGH SESSION UTILIZATION IN SRX 1400
node0:-------------------------------------------------------------------------- Flow session Flow session CP session CP session FPC PIC CPU Mem current maximum...
View ArticleClik here to view.
Adding Master-Only IP to SRX
Hello all Wondering if I could get some advice. Basically we have a number of SRXs configured as HA clusters. For reasons which I was never part of they were never implemented using the Master-Only IP...
View ArticleRe: Non-SRX VPN Setup - passthrough/NAT to VPN Box Problems
thank you for your help I will give this a try and review your comments on the mismatches!
View ArticleRe: SRX210 in band managment in trunk mode
Hello Spuluka, thank you for your respond. What i would like to do is to enable mgmt cli over ssh on SRX210 from vlan.20 localip-172.22.20.20/24. i added the security zone but is steal doesn't work. i...
View ArticleClik here to view.
Re: Adding Master-Only IP to SRX
Looks like you got the essentials covered I'd just add: Rather then changing the SNMP target to ONLY the 'master-only', it would be a better idea to kep monitoring the device specific IPs along with...
View ArticleRe: Natting from a routing instance to global instance in a chassis cluster??
You should be able to NAT from RI to MI. Look the overlapping subnets configuration and modify it to suite your environmenthttps://kb.juniper.net/InfoCenter/index?page=content&id=KB21286
View ArticleRe: IKE negotiation failed with error: IKE gateway configuration lookup...
Hi, From the configuration provided, I could see that on ASA the tunnel-group is using IP 111.111.111.111 and on the SRX you have configured the local-identity to use is again 111.111.111.111.As...
View ArticleIntegrated user firewall help
Hi, I would like to set up this feature on my SRX550, the end goal is to map IP to usernames so we have more visibility on who is looking at what (not sure if this is achievable) So far I have the...
View ArticleRe: VPN Hub and Spoke with IP Dynamic tunnel up but can not ping
This is saying the hub is able to send traffic but no reply comes back from the spoke. Session ID: 14513, Policy name: self-traffic-policy/1, Timeout: 56, Valid In: 192.168.3.1/0 -->...
View ArticleRe: SRX210 in band managment in trunk mode
You will need to add the vlan.20 interface to the security zone not the trunk port. interfaces { ge-0/0/1.0 { ----- remove and replace with vlan.20 host-inbound-traffic { system-services { all; ssh; }
View ArticleRe: Natting from a routing instance to global instance in a chassis cluster??
If you want traffic to come into the SRX on one routing instance and leave via another routing instance then you do need to create a connection for this traffic on the device. By default the routing...
View ArticleRe: SRX 300 - DHCP subsystem not running
Hi all, any update on this one ?I am facing the same issue ?Can`t get an IP-Adress for reth-Interface with SRX300 running 15.1X49-D70.3. Thanks. Cheers, Christoph.
View ArticleRe: Natting from a routing instance to global instance in a chassis cluster??
Thanks Spuluka.It worked!
View ArticleRe: VPN Hub and Spoke with IP Dynamic tunnel up but can not ping
Thanks spuluka. I have check steps but can not find error to fix this problem.
View ArticleRe: replacement for srx100 and srx110
We do have 1 srx300 in production at a new branch we opened but we had a lot of trouble translating configurations from our 210s that we use at other branches to the srx300. Does anyone have some good...
View ArticleStatic NAT with dual ISPs
Hi all - I am trying to get static NAT working in a dual ISP configuration for a SRX240 HA cluster. Static NAT has been working for years for the default routing instance connected to reth0. Recently...
View ArticleRe: Static NAT with dual ISPs
Hello , Can you add the reth7.0 in virtual router " my-routing-instance " and test the statis NAT again .
View Article