Re: Multiple logical interfaces per one physical
vlan-tagging is not about vlans. It is simple the statement required to create subinterfaces/logical interfaces. I have always thought that naming was just too confusing.
View ArticleClik here to view.
Re: monitor policer stats in SRX1400, 12.1X44 using simple-filter
Hello. Yes. it is applied/committed. And it SEEMS to be working, at least, according to the netflow stats. It'd be nice being able to check from the SRX1400 itself. JTAC's recommendation: run...
View ArticleRe: DIP/Static NAT IP is not in the Same Subnet of outside Interface
Hi lyndidon, I've tried, but failed. I got belowing error from SRX # commit check [edit interfaces ge-0/0/0 unit 0 family inet] 'address 2.2.2.2/32' A host address isn't allowed with any other address...
View ArticleRe: DIP/Static NAT IP is not in the Same Subnet of outside Interface
No that is completely wrong as you can see from the reply post from the original poster of this thread what you do is: [edit security nat static]lab@srxA-1# showrule-set TEST { from interface...
View ArticleRe: SRX210 load-balancing
I'm finally back. The ouput of the command is attached. I tried to change the TOS of the ping sent, the path was still the same, no matter the TOS value. Do you have any idea?
View ArticleRe: SRX210 load-balancing
Hi Icube, Welcome back ! I quickly saw the logs and it does work correctly. These are the ICMP sessions and their outgoing interfaces change from fe-0/0/2.0 to fe-0/0/3.0 ( I emboldened them ) in turn...
View ArticleRe: SRX210 load-balancing
Thanks for you reply. In fact, it is working on different prefix. But if I send my flow (here ICMP but the same for TCP, ...) it will go through the same link. If I apply, for example, all different...
View ArticleRe: SRX210 load-balancing
Hi Icube, I think you're thinking about this as if its a router.Simply put It doesn't care about paths. All it cares about is outgoing interfaces and sessions. If a new/different session is created (...
View ArticleRe: SRX- 650 || Policy Based VPN || Communication Issue
All, Finallly the issue is resolved by raising this case with JTAC. The Solution is to have a Route Based VPN which worked perfectly. Engineer suggested that there is a shortcoming in Policy Based...
View ArticleClik here to view.
Re: Accidental Power Loss - Juniper SRX 100H
Thank you Lyndidon. I'm so nervous even attempting this, I've only just started here and this device, if screwed up controls everything here, including our phones so I'm a bit apprensive right now....
View ArticleActive Router Advertissement IPV6 SRX : repond ping: sendmsg: No route to host
Hello, how we activate the advertissement router on a juniper on connect to ipv6 ? Freebsd connect to advertissement is on the file /etc/sysctl.conf net.inet6.ip6.accept_rtadv=1 My ipv6 :...
View ArticleRe: InterVlan Problem
Forgime me, but I need help with this issue. I have this topology Router ---- (trunk) ---- SW1(Layer2) ----- (trunk) ----- SW2 (layer2) I have VLAN 10,11,12,13,14,15,16 in all devices. If I connect in...
View ArticleSRX240 Dynamic Vpn with LDAP
Hi, I want to setup Dynamic Vpn on a srx240 and I want it authenticate through LDAP. I was reading the KB (https://kb.juniper.net/InfoCenter/index?page=content&id=KB21978&actp=search) on...
View ArticleRe: Accidental Power Loss - Juniper SRX 100H
Please run the snapshot command as soon as possible. This is NOT service affecting. AND YOU ARE AT RISK NOW UNTIL YOU DO. The dual boot partitions are there so that if a power failure occurs at a...
View ArticleRecommendations for UTM on SRX240
Hi, we have roughly 300 users. Now planning to implement UTM (with full features) on SRX240(pardon i am new in SRX). Following are some of the result. Based on your experience and expertise related to...
View ArticleRe: InterVlan Problem
Not too sure on the config rading, however it seems like one image shows the switch is confiured with PVLANS. If this is the case, then the you would need a pvlan-trunk to connect between both...
View ArticleRe: SRX240 Dynamic Vpn with LDAP
I am looking for the statement you are referring to. I did not see it. That would defeat the whole purpose of using AD LDAP. You are creating a proflie which would allow the users to log in with their...
View ArticleRe: monitor policer stats in SRX1400, 12.1X44 using simple-filter
ok thx for the update.
View ArticleRe: Active Router Advertissement IPV6 SRX : repond ping: sendmsg: No route to...
Hi !Find here a working example of IPv6 RA including 2 VRRP groups for IPv6 (address changed) interfaces {ge-0/0/6 { unit 0 { family inet { address 1.123.226.1/25 { vrrp-group 26 { virtual-address...
View ArticleRe: SRX240 Dynamic Vpn with LDAP
Hi Gourami, The command itself is "all user" ; but you don't have to add every single user by itself, unless you don't want to grant all of them access to the VPN ( I think you can also manage this...
View Article