Re: Upgrading SRX210H2 from 12.1X44-D15.5 to 12.3X48-D65
Thank you for your relpy spuluka.Just to clarify the boxes I am to upgrade are in remote locations and I cannot revers it ez if i lose managment of the device. Sry just for clarification "request...
View ArticleRe: Upgrading SRX210H2 from 12.1X44-D15.5 to 12.3X48-D65
Sorry for the confusion. When you do request system software add /path/file the default is to validate the configuration it only skips this step if you specify no-validate. When your do requests...
View ArticleScreenOS to JunOS: the journey continues... IPSec VPN very slow to reconnect
Hello,I'm slowly getting my feet wet with JunOS as described in this earlier post:...
View ArticleRe: VPN Connection Issues
Hi, thanks for spending time for me.. I had a running configuration from another office location and firewall ... So I compared both and added the following difference to the configuration which are...
View ArticleSRX320 ECDSA Authentication
Hi,SRX320 supports Group VPNv2, I would like to ask whether SRX320 supports ECDSA (256/384 bit) Authentication or not ?Thanks in advance. Regards
View ArticleJust starting out with junos, So a noob question here..
I dont have a basic layer three connectivity between my two juniper srx210. I have two interfaces directly connected to each other, yet they cant ping each other. I will attach the config please let me...
View ArticleRe: Just starting out with junos, So a noob question here..
Hello,Looks like You connected R1 ge-0/0/0 to R2 ge-0/0/0. Then You have 2 issues:1/ ge-0/0/0.0 netmask on R1 is /24 but on ge-0/0/0.0 netmask on R2 is /302/ ge-0/0/0.0 on R1 is not assigned to any...
View ArticleRe: Just starting out with junos, So a noob question here..
okay thanks for the that. So does this mean that every time i am working with an interface on Layer3 I need to assign it to a zone ? If yes, what are zones and what can be configured in a zone? also i...
View ArticleRe: Just starting out with junos, So a noob question here..
Hello,If You are not familiar with firewall "zone" concept, I strongly suggest You first read the book "JUNOS Security" https://www.amazon.co.uk/gp/product/1449381715Or at least chapter 4 that...
View ArticleRe: Just starting out with junos, So a noob question here..
so I ended up solving the issue by adding the interface ge-0/0/0.0 to a trusted zone. Thank for all the help!!
View ArticleRe: ISP link failover from SRX firewall to SRX router
If you can add the direct link from the SRX340 to the SRX240 and treat that as if it were a second ISP. then use the rpm failover between this new link and your local ISP....
View ArticleRe: The easy way / method to apply this policy?
I see the same problems you mention. I can't see any way to have the first policy being this block without creating them all inserted at the top of the zone to zone list.
View ArticleRe: ScreenOS to JunOS: the journey continues... IPSec VPN very slow to reconnect
Does your SSG now have the gateway ip address behind NAT on the SRX? If so, is nat-t enabled for the vpn configurations?...
View ArticleRe: SRX320 ECDSA Authentication
Yes both are supported see the details here. https://www.juniper.net/documentation/en_US/junos/topics/concept/certificate-digital-understanding.html
View ArticleRe: VPN Connection Issues
Hi, There is a mismatch in your Phase 2 proposal configuration with peer device, Peer Phase 2 config should match with your config. proposal IPSEC-PROP-1 { protocol esp; authentication-algorithm...
View ArticleImport certificate from Active Directory
Dear all,I have googled how to import certificate which exported from AD to SRX devices for SSL-proxy but no luck.Hope I can have some advises here. Thank you so much!Tuan
View ArticleRe: Import certificate from Active Directory
Hi,Below mentioned KB may help:https://kb.juniper.net/InfoCenter/index?page=content&id=KB10176&cat=J_SERIES&actp=LIST
View ArticleRe: ISP link failover from SRX firewall to SRX router
Thank you Steve, As per your suggestion if i made required changes, while network traffic returning back (which was initiated through core --> srx340 -->srx240--> towards MPLS network) what...
View ArticleUse same IP address for IKE and IPSec
Hi i have the following problem since we switch from sophos to juniper srx. We have a server with one public ip addresse. This server start an ikev1 with public ip. The ipsec connection also use the...
View Article