Re: VPN UP but ping only reach 2 packets
Hi, 1: From which side you are initiating the PING? Is the behaviour same if you initiate the PING from either side?2: What do you see in ">show security ipsec statistics"? any error?3: any screen...
View ArticleRe: Firewall filter and "Count" action
Hi, In Juniper, count & log actions are retained on the PFE [data plane] which can be retrieved by the RE [control plane] via cli commands.Cheers,Ashvin
View ArticleRe: VPN UP but ping only reach 2 packets
Sounds like some kind of security policy on the remote side kicking in.
View ArticleTwo forwarding class with Strict queue
Hi there If we have two traffic classes say T1 and T2 , we want T1 to be serviced upto 5% and no more and T2 to be serviced 90% and no more.T1 Strict priority 5% ExactT2 strict Priority 90 % ExactWill...
View Articlevlan tagging on subinterface
Hi all,I have an srx running on a customer site and i want to add a virtual interface with a vlan tagging on it.My experience with Pfsense or Sophos UTM or VyOS is that i can create a virtual...
View ArticleRe: vlan tagging on subinterface
I guess i already found itfe-0/0/7 { flexible-vlan-tagging; native-vlan-id 1; unit 0 { vlan-id 1; family inet { address 192.168.0.254/24; } } unit 30 { vlan-id 30; family inet { address...
View ArticleRe: Two forwarding class with Strict queue
Hi, strict-high priority has precedence over all other priorities even when out of profile, always serviced first.'transmit-rate exact' cannot be configured for strict-high priority, i.e strict-high...
View ArticleRe: Two forwarding class with Strict queue
Additionally you are not allowed to configure more than one scheduler with strict-high priority in one scheduler map. You will get a commit error: More than one schedulers with priority strict-high for...
View ArticleRe: Control Plane Traffic PIM DSCP can not be modified
Did it work? I heve checked and confirmed that SRX doesn't support setting DSCP under firewall filter.I'm a bit confused because you have accepted it as a solution. Regards, Wojtek
View ArticleSRX300 Cluster - Change node IPs
Hi there, We have 2 SRX300 firewalls in a cluster which are working fine. However, a recent reqirement has come where we need to change the IP of the firewalls. Therefore, if we change the node IPs,...
View ArticleBetreff: SRX300 Cluster - Change node IPs
Hi,changing the nodes IP's (fxp0) should neither break the CLuster, nor require a reboot as far as i know.If you want to be sure, change everything and do a "commit confirmed" - this way, you are back...
View ArticleRe: SRX300 Cluster - Change node IPs
Changing IP address wont break cluster and it dont need a reboot. Since you are connecting to device remotely, make sure you are not changing IP on which you are connecting, you will lose access.You...
View ArticleHome Office VPN
We have SRX router. What is the best way to connect home offices to the main office via VPN. We need to put a VoIP phone at the home office and we don't expect the home office to have a static IP.
View ArticleRe: Home Office VPN
You will use an aggressive mode phase 1 on the site to site vpn instead of main mode when one side has a dynamic ip address. the difference is outlined in this kb article....
View ArticleRe: VPN UP but ping only reach 2 packets
wild guess set security ipsec vpn VPN-NAME ike no-anti-replayref: https://kb.juniper.net/KB26671
View ArticleRe: SRX interface flappinng "down reason tlv value (0x0)
This messages are harmless (internal communication) and can be ignored. Ideally these will come only with traceoptions, can you check if you have enabled traces under ge-0/0/0 or interfaces hierarchy,...
View Articlesend syslog to another virtual-router
Hi, I send logs to an external syslog server: system { syslog { host 10.16.0.22 { any any; } } My SRX can route to this external server only through fe-0/0/1.0:interfaces fe-0/0/1 { unit 0 { family...
View ArticleSRX 650 Strich High with shaping rate
Hi everyone, Strich High queue with Transmit rate , has unlimited bandwidth i.e rate is not considered which can starve other queues. We can not use exact with HIGH Priority, rate limit is not...
View ArticleScheduler with shaping rate and burst size.
Hi everyone,Please consider the following config on SRX 650. Note that i did not specify any buffer just the shaping rate. set class-of-service scheduler-maps LEE forwarding-class NETWORK-CONTROL...
View Article