VRRP Issues
Hi, I have VRRP set up on my two SRX550's. We had one internet line up until recently so all of our VLANs were using FW01 as the master node. Machines in vlan.68 were able to contact vlan.40 with no...
Suite B configuration
I'm trying to set up a tunnel using the predefined proposals for suite B. I can see the traffic and it attempts to establish the tunnel, but it never does. If I remove the proposal set and use a pre...
Can someone explain this PR1251752?
Hi all, I would appreciate it if someone could explain whether PR1251752 is related to my issue: when I query my DNS server using https://dnschecker.org/, a private IP DNS server also appears....
Re: Branch SRX as a DHCPv6 prefix delegation client?
I'm running into this issue as well, using an SRX320 on Spectrum. I think I may have gotten to the root of the issue. According to this article, the DHCPv6 client cannot handle RA messages with...
Re: question about vlan-tagging and reth
Hello guys, I would be most grateful if someone would explain the underlined part of the configuration below, and why it's required. reth3 { vlan-tagging; redundant-ether-options {...
How to apply / install license on NCP Client?
Hi all, does anyone know how to apply a license on the NCP client for SRX? As far as I know, the NCP client is a 30-day free trial. I cannot see the menu on the client to install the license. Thanks and appreciate someone...
Re: vSRX HA Cluster on VMWare vCloud
Hi, Did you ever manage to get this to work? I'm currently stuck. On my setup the control link shows as down. I've enabled promiscuous mode, but it is still down.
Re: How to apply / install license on NCP Client?
Hi, If you are trying to install the license on the NCP client itself, you just need to be connected to the internet and then you can follow the steps provided in the document below to activate the...
Re: SRX300 series VLAN interface
What a shambles - that Juniper would mess up what was working well for years! The new SRX range and 15 software are so problematic that my company is looking at moving to another platform.
Re: SRX3400 Redundancy "show ntp status"
The metric for NTP sync is not rootdelay. It is stratum. As long as your stratum value is not 16, your client is in sync with the NTP server. The lower the stratum value, the more accurate your time is. Stratum...
Re: SRX3400 Redundancy "show chassis cluster information"
The above output means this cluster has never had a failover. Below is a sample output of a cluster which has experienced failovers: user@host> show chassis cluster information The following output...
category list not getting hit on EWF
Hi Experts, we are having a problem with the enhanced web filtering. Everything is configured right (I hope so) but all the websites that should be blocked based on the category list from the EWF profile...
SSL Forward Proxy
Hi, I am testing SSL forward proxy over vSRX Junos 15.1. I followed the steps in the guide below: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/ssl-proxy-workflow-configuring.html...
IPSec VPN not stable- connection keeps dropping out
Hi, I set up a VPN tunnel between a Juniper SRX-240 and a FlexGW-StrongWAN machine. The tunnel comes up for a certain time, then the connection drops while rekeying. I tried to debug the IKE logs; I found the...
TCP-Proxy
Does the SRX act as a proxy for TCP connections by default, or does this have to be configured?
Re: SRX and Multicast over IPsec VPN
@ShaneBooker Did you find any solutions? I'm trying to do the same thing. I've been trying to configure protocols igmp and pim, as well as setting up GRE tunnels (gr-0/0/0), but no luck getting...
Re: TCP-Proxy
It has to be configured: set security screen ids-option ids-zoneX tcp syn-flood alarm-threshold # set security screen ids-option ids-zoneX tcp syn-flood attack-threshold # set security screen ids-option...
Re: TCP-Proxy
Hello, TCP Proxy is usually enabled by default. Also, certain features like UTM/IDP/ALG or screen flooding can trigger the TCP proxy. For more on TCP proxy, please refer to the following documentation...
Re: SSL Forward Proxy
Hello, The fact that the "ignore-server-auth-failure" option helps you to pass the traffic indicates that the possible problem can be with that certificate validation, root CA expiration dates. It...
Re: VRRP Issues
My guess is asymmetric routing. Traffic from vlan 68 is sent to the default gateway FW02, it forwards it to the vlan 40. Now returning traffic from vlan 40 is sent to its default gateway FW01 and is...