Re: SRX 1400 is blocking packets for download during Debian Distribution...
When you test the successful transfer is the SSG firewall also in the path? The answer is yes, ssg firewall is also in the path for successful transfer. What is the security policy that permits this...
Re: SRX 1400 is blocking packets for download during Debian Distribution...
Traceoption logs:
Dec 13 22:24:46 22:24:46.529979:CID-01:FPC-01IC-00:THREAD_ID-14:RT:ha_ifp: reth5.943
Dec 13 22:24:46 22:24:46.530029:CID-01:FPC-01IC-00:THREAD_ID-14:RT:Installing c2s NP session wing...
Re: How to change SRX route-based VPN proxy id
Did you actually try your configuration on a live SRX?! There is only one proxy-ID definition allowed; to get around the limitation, you use traffic-selectors.
SRX port forwarding - intermittent results
Hello - I have an SRX300 and have created quite a few port forwarding instances. I recently created one and it works intermittently. I am connecting to an NVR with a web browser and I have 2 issues: Going...
Re: Does entire session will re-establish back if we change MTU on physical...
Hi rsuraj, Let's say the physical mtu still uses the default value 1514... but if I increase the logical interface mtu to 9192 then is it that logical interface can use jumbo frame even the physical itself...
Re: SRX port forwarding - intermittent results
Hi, it does sound strange. Could you please provide Junos version and config snippets for interfaces, nat and security policies? Then it's easier to come up with suggestions or needed changes. Thanks!
Re: SRX port forwarding - intermittent results
Hello Jonas - Last night I upgraded the firmware from 15.1X49-D90 to 15.1X49-D110.4 and that seems to have fixed the issue. Fingers crossed. Thanks for the reply! Bruce
Issues with ISP when running IPOE
Good Evening, I have noticed a lot of our ISPs down here are now running IPOE. The issue is that the SRX thinks everything is ok if there is an upstream issue as it only needs to try every few hours to...
Re: Does entire session will re-establish back if we change MTU on physical...
AFAIK, the logical interface MTU cannot be higher than physical interface MTU.
I want to create a policy to allow *.cisco.com or cisco.com/uri
I want to create a policy on SRX firewall to allow anything *.cisco.com any uri cisco.com/uri. I would say anything on cisco website but block other websites. For eg....
Address Book and Security Policy
Hello, I just started using an SRX device two days back only. So this might be a very newbie question. I am basically trying to create a firewall policy using address-books. I just want to confirm that...
Re: Address Book and Security Policy
Hello, Yes! You are right. 1. You can configure address under global address book or under zone address book; if you configure it under zone address book, you can see it under zone. It's better to...
Re: I want to create a policy to allow *.cisco.com or cisco.com/uri
Hello, Yes you can with command:
set security zones security-zone "test" address-book address "cisco-test" dns-name cisco.com
Re: Address Book and Security Policy
1. I wouldn't say it's always better. Defining addresses in the global address-book is a must for some NAT configurations and global policies. Otherwise I prefer to use address-books attached to zones....
Re: I want to create a policy to allow *.cisco.com or cisco.com/uri
And then you can use this address in security policy, for more details: https://kb.juniper.net/InfoCenter/index?page=content&id=kb20994
What are mean Invalidated sessions?
Hi all, May I know what the invalidated session refers to? Does it refer to traffic that is dropped due to policy deny, or another thing that needs to be investigated in detail? Appreciate any feedback...
Re: What are mean Invalidated sessions?
It has to do with TCP session closure
3-Way handshake:
Client A    Server B
FIN
FIN/ACK ---> session timer set to 150s
ACK ---> session timer set to 2s
4-Way...
Re: How to change SRX route-based VPN proxy id
Thanks Old Creek, I was confusing proxy-id with traffic selectors. I saw the main question as how to have only one subnet on local with two on remote. You need to configure each set as separate...
Re: SRX 1400 is blocking packets for download during Debian Distribution...
Thanks for the answers and the data. I see frequent session refreshes after the tcp sequence checks. Could you try turning this off for a test?
set security flow tcp-session no-sequence-check
IP-Monitoring not failing over
I am probing address 4.4.4.4, it shows pass but the history shows failed?
Probe name Test Name Address Status
---------------------- --------------- ----------------...