Re: SRX Enhanced Web Filter Categories Descriptions
You may refer to KB31122 - [SRX] Blocking HTTPS sites using EWF (Enhanced Web Filtering) https://kb.juniper.net/KB31122 Regarding the category for adult website, www.playboy.com and...
Re: SRX 1500: Warning while committing the changes
Hi, Do you have any interface configured for Ethernet-switching (L2 interface)? What was the change you were committing? If possible, please share the "show interface terse | no-more" command output
Re: SRX Global Policy
What about the explicit zone to zone policy that has from-zone global and to-zone global? Where does it fit in the lookup order?
Re: SRX 1500: Warning while committing the changes
Can you post your interface config? Also which version of code are you running? Anand
Re: Is there any other way to see the IDP signature protected?
No, JTAC cannot share this information since this is proprietary. Anand
Re: 1-to-1 NAT setup to untrust /24?
You do not need an inbound policy for this. Policy is written in the flow direction of the host that initiates the session. So your policy now is correct. The next thing to verify there is that the...
Re: SRX Global Policy
Sorry for the confusion. Both of the examples you link above create security policy at the same hierarchy level. So they merge together and are processed in the order you put them in the policy....
Re: Is there any other way to see the IDP signature protected?
If you are experiencing a false positive hit with your application on this signature, I would open a JTAC case to investigate. They can help with that type of issue.
Re: SRX Global Policy
Hi Steve. Thanks for taking the time to respond to my questions! I am still confused in one regard then - in my device 'show configuration security policies global' and 'show configuration security...
Upgrading SRX210H2 from 12.1X44-D15.5 to 12.3X48-D65
Hi, I have been asked to upgrade a good bunch of live srx210H2s to the recommended junos version but I have never done this before and don't have a test SRX to test it on. Upgrade will be from...
Re: SRX Global Policy
I think I see the confusion now. The first port shows this example from NSM. set security zones security-zone global address-book address p1 192.168.1.13/32 set security zones security-zone global...
Re: Upgrading SRX210H2 from 12.1X44-D15.5 to 12.3X48-D65
Yes running validate before the upgrade is recommended and will catch obvious problems. But your main source of review will be the release notes for your new version....
Re: SRX 1500: Warning while committing the changes
Interesting error... you only have switching or transparent mode. With this error it must mean the default is not in switching mode? I will suggest you try setting the l2-learning mode switching: #...
VPN Connection Issues
Hi, I am trying to set up a VPN connection through Google Cloud from office location. The phase1 seems to be up but IKE Phase2 does not seem to be up. I turned on the debug and searched for the error...
Re: VPN Connection Issues
Hi, There is a mismatch in your Phase 2 proposal configuration with peer device, Peer Phase 2 config should match with your config. proposal IPSEC-PROP-1 { protocol esp; authentication-algorithm...
Re: SRX240 setup problems
OK, here is the configuration. This is what I tried to set up as a permissive policy with the Internet from the cable modem coming in on chassis port 0, then a reserved DMZ on chassis port 1 which I...
ISP link failover from SRX firewall to SRX router
Hi, Please find below Network topology and suggest suitable option to achieve ISP link failover/traffic diversion on firewall 1) For internet request core switch has default route towards SRX340 2) For...
Re: SRX Global Policy
Thanks, Steve. Much appreciated! In this case, I think maybe you should not allow syntax like "from-zone global to-zone global" and a zone called global. We have customers that configured rules with...
Re: Is there any other way to see the IDP signature protected?
Hi all, Thanks for the feedback
The easy way / method to apply this policy?
Hi all, Let's say I have 20 security zones and each security zone has a zone-to-zone policy. Each security policy has around 300 policies. If I want to add a new policy, let's say block TCP_450, and need to apply...