Re: send syslog to another virtual-router
You need to add static route for 10.16.0.22 pointing to the VR#set routing-options static route 10.16.0.22 next-table vr1.inet.0#commit
View ArticleMX Shaping scenario on sub rated CIR
Hi everyone.Please consier the following set up:MX5/SRX -f0/1---------Service ProviderLine rate is 100M but we have bought only 50M form the provider.We want to acheive following COS goals:1) All...
View ArticleRe: send syslog to another virtual-router
Hi Folks,Please find some pointers for such requirements, Add the route in master instance to use the vr.inet.0 table: set routing-options static route 0.0.0.0/0 next-table vr1.inet.0...
View ArticleRe: Firewall filter and "Count" action
Hi Folks,As Ashvin mentioned it is done in pfe; so we should be careful in limiting or enabling it based on the volume of traffic getting logged. Else, we can expect high amount of traffic destined to...
View ArticleAfter enable SSL Forward Proxy the traffic would decrease 90%
Hi All, After I enabled SSL Forward Proxy on SRX1500, the client traffic would decrease 90%. I used to download from the dropbox with 1Mbps, right now it couldn't reach 100kbps.Is that a normal behavior ?
View ArticleClik here to view.
Re: SRX-550 upgrade fails, at compatibility check ! Read-only file system
Hello Mkamaraj and thx a lot!yes it helped, it confirms what I though since I tried different things and couldn't make it working.I'll do the update to the version that supports validate, that's a good...
View ArticleRe: SRX 650 Strich High with shaping rate
I did a quick test on SRX110 and can confirm that strict-high priority + shaping-rate is limiting the bandwidth. Regards, Wojtek
View ArticleRe: SRX 650 Strich High with shaping rate
Thanks, appreciate all your help, have a nice weekend!!
View ArticleRe: send syslog to another virtual-router
Suraj,Thank you for your reply. Unfortunately this was not enough to get the logs flowing. There was no indicate of a problem when I turned this on: set system syslog file deleteme any any Any idea...
View ArticleRe: send syslog to another virtual-router
Presumably I'd also have to add a route for data to get back from vr1.inet.0 to inet.0?
View ArticleRe: Cannot reset root password
yeah I already tried that. Still no luck. I go into recovery mode, reset the password and then reboot and nothing works. When I try and intentionally login with a bad password, I get a "login...
View ArticleRe: Cannot reset root password
I think I ran into that once before too. If I recall, I believe it was that you can reset the password to pretty much anything that you want but if that password doesn't meet the system requirements...
View ArticleMX5 port shaper/policer
Hi everyone,I have a question. Is port's shaper/policer applied after the traffic has been queued and scheduled and put on the FIFI queue of the port? In other words, does port 's policer/shaper act...
View ArticleClik here to view.
Re: AppID - Preprocessing
Without being 100% precise in the defintions I will give it a try :-) for AppID to work the firewall needs to take fragmented packets, keep them in-memory until the entire PDU is received and...
View ArticleRe: send syslog to another virtual-router
As the syslog data is udp packets, there is no need for the VR to have to route back to inet.0. My guess is that you are sourcing syslog packet from 10.16.2.2 which is placed in the VR - and when the...
View ArticleLocal Web Filter Blacklist and Default Block
Hi allWhen configuring the local web URL filter on the SRX is it compulsory to have a blackllist or could you have a whitelist with the URL(s) you wish to permit then next utilise the default action of...
View ArticleRe: Local Web Filter Blacklist and Default Block
Your understanding is correct. Just configure white list to allow the specific URLS you want to allow and configure default block to block everything else.root@srx> show configuration security...
View ArticleRe: send syslog to another virtual-router
Do you have any interface part of inet.0? If not please create a loopback interface and keep in inet.0. Make sure you assign an ip to the same, any /32 is fine.If this also dont help please share your...
View Article