Problem with SRX 5800
Hi everyone,I am having a problem with a SRX 5800, we had a energy issue on site and now my cluster show OK but i cant see the status of one routing-engine... show me this error; error: error...
View ArticleRe: 2 isp and nat
#1If you are really creating another routing instance for ISP2, then LAN interface also should be within that instance.Unless you're using policy based filtering.#2 Explain pool "cifra1"...
View ArticleRe: CPU spikes on data plane caused by security monitoring
I've reduced MSS as low as 1200 and diabled all unnecessary logging. I've also upgrade to 12.1x46d40.2. I'm still seeing 99% cpu usage on fpc during large file transfers (I/E total=~110Mbps, pps...
View ArticleRe: Problem with SRX 5800
Hi,In order to investigate the routing-engine I recommend to open JTAC case .In order to login to secondary node in high-end SRX, you'll need to be in the shell and run the following...
View ArticleRe: SRX1400 - SRX1K-SYSIO-XGE - Interfaces won't come up/"device not...
Have you tried bringing the cards online? You can do that either by holding the "online" button in for 5 seconds, or by issuing the cli command "request chassis fpc slot slot <x> online".
View ArticleRe: conversion from SSG config to SRX : p2-proposal with no-pfs
You do not specifically set "no-pfs", but rather just leave-off the "perfect-forward-secret" setting within the ipsec policy (note that it is not in the proposal, but rather the policy setting).
View ArticleSRX Power Button
Hi,Is it possible to disble the power button at all branch models (SRX 100, 210, 220, 240)?Thanks
View ArticleRe: 2 isp and nat
Hi, thnak you for your reply.#1I tried to add separate vlan to routing instance - it didnt helped.#2it is routed to ISP2. There is only one routing instance, for isp2. Services like ipsec vpn works...
View Articlesd-syslog timestamp format
Hi, I'm struggling with timestamp on sd-syslog message. It seems they are using ISO8601 timestamp format but the timezone indication is missing. I have timestamp like this : 2016-03-24T14:41:24.806...
View ArticleRe: sd-syslog timestamp format
AFAIK, If you use the "structured-data" statement then you will generate messages with the following format (although this example also includes the statement "time-format millisecond"....
View Articleglobal multi-zone policy to junos-host doesn't match
Hello everybody, I'm merging policies using the multi-zone feature of 12.1X47. This allows a global policy to bind to several zones. So I made the following policy. This should replace the firewall on...
View ArticleClik here to view.
Re: Problem with SRX 5800
the for the answer, we have open a JTAC and just waiting a response right now.
View ArticleClik here to view.
Re: Dual ISP failover, one ISP routed to loopback
Tim, I finally got around to changing the config to match your example. I used method 2, with putting the two ISP's into their own zones and then setup the NAT rules accordingly. This is working...
View ArticleTrouble with firewall filters
Hello everyone Hoping someone could point me in the right direction. I want to implement some firewall filters to restrict management access to our SRXs. I have followed a number of guides to include...
View Articlefabric physical up ,but Fabric link status: Down . why
show chassis cluster interfaces Control link status: Up Control interfaces: Index Interface Status 0 em0 Up 1 em1 Up Fabric link status: Down Fabric interfaces: Name Child-interface Status...
View ArticleRe: fabric physical up ,but Fabric link status: Down . why
Hello What version of JUNOS are you using ? Are you using 40 GE modules for your fabric links ? We experienced this same issue we were running 12.1.X47 D10 the temporary work around was to convert the...
View ArticleRe: fabric physical up ,but Fabric link status: Down . why
thanks for your reply . version 12.1X44-D45.2. we don't use 40 GE modules for fabric links. just two cable connect directly between two device
View ArticleRe: Fabric interface status is 'Down' in cluster but physical interface is up
we also have a ISSU . and seems the same situation with you . my question is how do you konw it is a failed ISSU . and since we have finish ISSU . how we can rollback
View Article