Re: Sub-interface with tagged VLAN in vSRX
Yes you can, but you will need to enable flexible-vlan-tagging and use a native vlan (documentation). Your confif would look like: ge-0/0/0 {flexible-vlan-tagging;native-vlan-id 20; unit 0 {vlan-id 20;...
View Articleintermittent vpn with multiple proxy IDs
Hi, we have a vpn on our srx firewall, and its peer device is a cisco ASA. we are using policy based vpn and there are three subnets/proxy-IDs. we configured 3 sec policy for each subnets, so that each...
View ArticleRe: Route based VPN in and out same interface?
Hi, It depends on how you have your zones set up. For example, are reth20 and st0.100 in the same security zone? Then you need an interzone policy configured. user@srx# show security policies...
View ArticleRe: intermittent vpn with multiple proxy IDs
Hi, I (and a lot of people on this forum), have had issues configuring Policy Based VPNs between an SRX and an ASA. Thank god for Traffic Selectors in version 12.1X46. This will save you a lot of...
View ArticleRe: SRX 340 ports
Hi, Cant seem to find too much on this, however, the 240 and the 550 both use ge-0/0/1. Might be worth cabling it up like that and see if the cluster comes up!
View ArticleRe: SRX 340 ports
Hi, Many thx for an idea. I don't have to cable it, the only think is to setup cluster and check the mac address, and compare, which phisical port has the same mac as fpx1. There is, unfortunately,...
View ArticleRe: SRX 340 ports
Ah, I see now, this device has its own management port, I assume this replaces the FXP0 port, so maybe ge-0/0/0 could be FXP1 Very odd that there is no documentation on this. Can you place a ticket...
View ArticleRe: Route based VPN in and out same interface?
Perfect. Thanks for the reply. I was planning on doing them in seperate security zones. So making the policies between zones makes sense to me. Now hopefully I can get the tunnel working through the...
View ArticleSRX240 SSH Rate-limit dependencies
I just inherited a fielded SRX240 and need to run Nessus scans against the device remotely. After talking with colleagues, to get valid scans I need to increase the SSH rate-limit (system services ssh)...
View ArticleRe: Bridge tagged logical interfaces
I confirmed It is working. I connected a computer running Wireshark to ge-0/0/0 and saw the fraffic flow from ge-0/0/3. Thanks.
View Articleclass of service does not work on vpls interface?
Hi all,I want to rewrite all egress traffic with CoS:4 at ge-0/0/0.34. Here's my configuration: interfaces { ge-0/0/0 { per-unit-scheduler; vlan-tagging; encapsulation flexible-ethernet-services; mac...
View ArticleRe: SRX240 SSH Rate-limit dependencies
Hi LSM, I think the limit from 1 to 25 only applies to switches and routers as per this source. The SRX is a firewall so it has a lower limit ( I've seen the limit from 1 to 5 on multiple versions of...
View ArticleSRX DDNS with Google Domains
I am running 12.3X48-D25.3 on an SRX210 looking to activate DDNS using Google Domains support for DDNS. Support article from Google can be found here. My configs: [edit system services dynamic-dns]...
View ArticleRe: configuring the VDSL2 PIM with point to point IP without using username...
I will be appreciated for the advice to apply this setup
View ArticleRe: configuring the VDSL2 PIM with point to point IP without using username...
You may try http://www.juniper.net/documentation/en_US/junos15.1x49/topics/example/vdsl2-pim-security-interface-property-configuring.html
View ArticleClik here to view.
Clik here to view.
Re: SRX 340 ports
Hi, Thank You Michal for finding that. Indeed it has been adjusted after I started searching information about that, and wrote that post. Thank you Juniper for updating (after my post ??) the techpub...
View ArticleRe: Broadcast Vlan
By definition broadcast traffic is only for the local broadcast domain. Typically this is only the local vlan as you are observing. If you need different vlans to belong to the same broadcast domain...
View ArticleDynamic DNS on SRX with dyndns.org
Hello All, Earlier I tried to setup ddns on SRX with noip.com; but it never worked out. Now I've got a DNS hostname from dyndns.org (dyn.com) and I've configured SRX with the details: [edit system...
View Article