Help with NAT configuration.
I have an SRX240 and am trying to learn Junos the best that I can; however, I have reached my googling capabilities and simply cannot figure out NAT! Topology: modem -> ge-0/0/0 (untrust) ->...
Re: Help with NAT configuration.
Your issue is that you haven't defined a destination port on your destination NAT rule. That way all traffic to the IP is being NAT'ed. Try adding this command and let us know the result :-) set...
Config Dynamic DNS on SRX300
Hi, I want to config the SRX300 as a DDNS client. Is there any way to config it on web GUI or CLI? My SRX300 software is 15.1X49-D100.6. Thanks.
Has anyone experienced implementing this command on SRX5800?
Hi all, May I know whether someone has experienced implementing this hidden command below in production? As per ATAC, this command can prevent the RE from the impact of a broadcast storm but it not...
SRX GATEWAY Cluster with VLAN
Greetings Experts. The following is the question on SRX 240 with Cluster, please guide me to the right path if this is already being answered... The below is the topology: a) There are 2 SRX (SRX-A and...
Re: Config Dynamic DNS on SRX300
Are you looking for this? https://kb.juniper.net/InfoCenter/index?page=content&id=KB28971 HTH
Re: Help with NAT configuration.
jonashauge wrote: Your issue is that you haven't defined a destination port on your destination NAT rule. That way all traffic to the IP is being NAT'ed. Try adding this command and let us know of the...
Re: Help with NAT configuration.
That did it! Now I am onto an interesting security policy issue... I'll make another post for that as it does not deal with NAT.
Security policy Untrust to zone Trust is denying traffic.
So! This is an interesting one, the untrust to trust policy is blocking traffic from untrust to untrust. I am using a port scanning utility on the internet to test for open ports on my network I am...
Re: Security policy Untrust to zone Trust is denying traffic.
Security policies are post-NAT so your policy should be source any, destination <internal IP>.
Session creation and Security Policy on SRX
Hi everyone. Is it correct SRX creates "Session" for new flow that passes Security policy? I am confused about at what point Session is created in session table, please see the example below: PC(...
Re: Security policy Untrust to zone Trust is denying traffic.
No cigar, from the log it is an external IP to my public facing IP that is being denied, should I create an untrust to untrust policy? However I am still confused as to why it is hitting on the untrust...
Re: Subinterfaces vs VLAN interfaces
Thanks for the diagram, it makes it easier to understand. Your configuration looks good, putting the gateway for each of those three subnets onto the SRX and since there is only one port in each VLAN the...
Re: SYSLOG and Control plane on SRX 650
The SRX650 is a branch model SRX. The difficulty discussed in the paragraph is how the High End SRX handles logs due to the combination of the two factors mentioned: volume + physical separation of control and...
Re: SRX GATEWAY Cluster with VLAN
Assuming your SRX cluster is Active/Passive, you will be configuring these connections as RETH interfaces (redundant ethernet). These are similar to AE but only one interface is active passing...
Re: Session creation and Security Policy on SRX
Check out the flow chart in this kb article for the details. You do have this correct that destination NAT drives the security policy while source NAT does not....
Re: Security policy Untrust to zone Trust is denying traffic.
Check out the packet flow chart in this kb article. https://kb.juniper.net/InfoCenter/index?page=content&id=KB16110 As Smiker notes, your security policy for destination nat must be written to the...
Re: SRX GATEWAY Cluster with VLAN
Thanks for the reply and advice. I have attached the sample topo (SRV-1 and SRV-2 in the same VLAN). a) Can I have more than one interface in a RETH (so in my case two interfaces each -- SRX-A and...
Re: Security policy Untrust to zone Trust is denying traffic.
If that is the case then why didn't the source-address any rule work? Or do you mean I need to set an untrust to untrust rule with the destination being my WAN address definition?
Re: SYSLOG and Control plane on SRX 650
Thanks for your response. This is what I understand: 1) Branch office SRX can use "revenue port", i.e. the port is used by transit traffic to source SYSLOG since this port exists in the data plane. Same...