Re: SRX3600 In Service Upgrade
ISSU needs the image only one Primary Node. It copies to secondary node automatically during upgrade
View Articleweb-management port
Hi there, My web management is being accessed from ge-0/0/0 and I need it to be accessed also by ge-1/0/0I need both allowed. which command I shoould run to add the ge-1/0/0 to the config below?...
View ArticleRe: web-management port
To add the port your use: set system services web-management http interface ge-1/0/0.0You will also need to confirm that the zone which this port is assigned allows the connection as well.set security...
View ArticleTraffic selector
Why do i need to use traffic selector or Proxy-ID in route-based VPN to specify the permitted traffics across the tunnel where i can already use security policy to regulate my traffics??
View ArticleRe: Traffic selector
Traffic selectors or proxy-id are part of the IPSEC VPN standards published for interoperability between vendors of site to site VPN devices. These are part of the communications that peers send each...
View ArticleRe: Digital signature
Hello, In simple words, there are two things:- 1) Sender's public key is used to decrypt the signature (hash of the doc) and then authenticate using HMAC for example. This way receiver knows that...
View ArticleRe: Traffic selector
Hello, It it not mandatory to use traffic-selectors/proxy-ids in a route based VPN. You can regulate the traffic with the help of security policies or firewall filters for sure. But when using route...
View ArticleRe: Traffic selector
One more thing, The proxy ID are used both in route-based and policy-based VPNs. The proxy ID generation for policy-based VPNs is based on the security policy bound to the VPN, and it cannot be...
View ArticleRe: Remote access VPN clients on RIs
Hi All, We have done this using route based vpn. We have used multipoint interface as anchor point. IFL st0 { unit 0 { multipoint; family inet { address 10.5.5.129/25;...
View ArticleOSPF and a backup link
I'm trying to get my head around the config needed to dynamically fail over to a backup link. All sites are using SRX240 running Junos 12.3. Head office has vlan.10 assigned 10.1.0.0/24. Its SRX has...
View ArticleRe: OSPF and a backup link
Increase OSPF cost of ge-0/0/3.0 interface than ge-0/0/2.0 interface to make Satelite link as backup link.Refer the the URL given below for configuration...
View Articlehub and spoke VPN
1-can HUB & spoke VPN be done using policy-based VPN ?? 2-is it possible to connect 2 SRX devices one using policy-based and the other one using route-based ??? if yes how ?
View ArticleRe: hub and spoke VPN
1-can HUB & spoke VPN be done using policy-based VPN ?? NO2-is it possible to connect 2 SRX devices one using policy-based and the other one using route-based ??? if yes how ?Do you have 2 links...
View ArticleRe: hub and spoke VPN
i don't have a specific digram in my mind, it was a question i was asked in an interview it was just " is it possible to connect between 2 devices one using policy-based and one using route-based"
View ArticleQuestion about Virtual-router and Zone
Hi Guys, I'd like to know if I can configure a Zone accross 2 VR? Which means I have 2 interfaces in Trust Zone, 2 interfaces in Untrust Zone but interfaces in the same Zone belong to different VR....
View ArticleRe: Question about Virtual-router and Zone
Hi Sean, No you cannot add one security zone i 2 VRs.SO if you have 2 interfaces in one security zone then you need to add both the interface into the same VR.You cannot add 1 interface into 1 vr and...
View ArticleRe: SRX240 cluster with LACP through a Cisco switch
Sorry for not getting back to you sooner but I could only try this now.I set the system mtu routing 9198 on the switch and also the system mtu jumbo to 9198 but it didn't work.Once the firewalls were...
View Article