new subnet needed on SRX220H2
Hi there, I need to set up a new subnet because I am being out of IP address. Now we use 10.196.24.X network with 255.255.255.0 subnet mask, gateway 10.196.24.1.I need to set up a new range like this:...
View ArticleRe: Webserver not working
add the following: set security nat proxy-arp interface ge-0/0/0.0 address 187.72.138.193/28set security nat destination rule-set DEST-NAT from interface ge-0/0/0.0set applications application HTTP...
View ArticleClik here to view.
Re: Webserver not working
on the third command I got the syntax error: And after trying to commit the first and second command I got the following error: root@device# commit [edit security nat proxy-arp interface ge-0/0/0.0]...
View ArticleRe: Logging not send to syslog file
Try to put match condition in quotes delete system syslog file policy_session match RT_FLOW set system syslog file policy_session match "RT_FLOW_SESSION"Also better is to log session-close because it...
View ArticleClik here to view.
Re: Webserver not working
187.72.138.193/32 < my bad - use /32 sure why your application does not work
View ArticleRe: DNS-Doctoring
There is actually a lot of information vlear explanation of the functionality and use...
View ArticleRe: Webserver not working
Cannot commit. please check step by step: root@rotem_brazil_aqa% cli root@rotem_brazil_aqa> configure Entering configuration mode The configuration has been changed but not committed [edit]...
View ArticleRe: SCTP NAT
Can you clarify what SCTP means? Stream Control Transmission Protocol? NAT operates at the Layer 3 to modify SA/DA or both. SCTP operates at Layer 4 and and still need IP for delivery. If you can...
View ArticleRe: Webserver not working
Lets try this one at a time.deactivate applications application HTTPdelete the proxy-arp statement.In the security policy, delete the application HTTP and replace it with junos-httpcommit and test.
View ArticleRe: IKE negotiation failed with error: IKE gateway configuration lookup...
You also need to addhost-inbound-traffic system-services ike
View Articlenested application
How to block a nested application but leave the main page available ??can this be done by using AppFW + IDP policy ???
View ArticleRe: Webserver not working
Hi, I am new on SRX configuration so could you please be more clear?I don't know junos-http, please take a look at my CLI below, I think I removed the first configuration we made: name-server {...
View ArticleGroup VPN
is it a must in GVPN that all member must use the same key to communicate ?? or i can define different IPSEC SA to different match-policy ????For example i have 3 members A & B & C , i want A...
View ArticleRe: Webserver not working
why not use application junos-http instead of defining appication HTTP?} from-zone untrust to-zone DMZ-trust { policy INTERNET-TO-DMZ { match { source-address any; destination-address WebServer;...
View ArticleRe: Webserver not working
Set a specific management url for jweb for e.g. so when you access the public IP it does not bring up the web management. If you need the web management then you would simply add the...
View ArticleRe: Group VPN
Yes.Standard IPsec security association (SA) is a one way directional agreement and a point-to-point tunnel between two security VPN devices. Group VPN is a new category of VPN that introduces the...
View ArticleRe: nested application
Yes. it can be done:http://www.juniper.net/documentation/en_US/junos12.1x44/topics/example/application-firewall-application-group-configuring.htmlYou would still need to see the details of the...
View ArticleRe: Webserver not working
noticed a config in others which I did not see here and not ally aware. Add this to your configuration } from-zone untrust to-zone DMZ-trust { policy INTERNET-TO-DMZ { match { source-address any;...
View ArticleClik here to view.
Re: HIGH SESSION UTILIZATION IN SRX 1400
Hi Swati, Thanks for posting your query here. First of all I would like to inform you that there are no sessions reserved for inet6. Actually the architecture of the SRX is such that if a SPC card is...
View ArticleRe: SRX - VPN Issues - Address Translation
Hi, Thanks for your response, I believe it's a site2site. gateway gw_key_grid { ike-policy ike_pol_key_grid; address 82.69.00.00; external-interface reth0.0; }Security Policy policy...
View Article