Re: SRX 1400 commit error
Hello, here are the results from the CLI commands Version node0: -------------------------------------------------------------------------- Hostname: XXXXXXXX Model: srx1400 JUNOS Software Release...
Re: SRX 1400 commit error
And this is where you have a problem (certificate expired): Certificate identifier: ssl-inspect-ca Certificate version: 3 Serial number: ffb749fe9a450811 Issuer: Organization: areandina, Organizational...
Re: more specific monitoring via automation for high-end SRX(s)
I haven't seen any reply since I posted my topic (more specific monitoring via automation for high-end SRX(s)). I am not sure, but can you please advise whether this topic should be here or in the Automation...
Can I use ADVPN in combination with FBF?
Hi expert, can I use ADVPN in combination with FBF?
some errors on the SRX
Hi All, recently the following log messages have been taking place on the high-end SRX in a cluster environment. Is anyone experiencing these errors? node0.fpc0.pic0 cpu_util_usp_ipc_cmd_handler:...
Re: SRX 1400 commit error
Thanks for your help; however, I'm not sure how to proceed after this. Is there a way to bypass the issue? What do I need to do? wrote: And this is where you have a problem (certificate expired):...
Re: SRX 1400 commit error
Well, now that the problem is clear you can fix it. To fix it you have two options: 1. Remove the ssl_inspect_ca certificate currently loaded and replace it with a valid certificate. CLI command...
Re: SRX 1400 commit error
Thanks a lot! I was able to remove the certificate and proxy and now I can make changes
Re: IP Phones Restarting with Juniper SRX1400
You can try running a consistent ping from branch C to the CUCM in HQ. If this helps, you have a tunnel timeout issue. Please post HQ and branch C config files for review
Re: some errors on the SRX
Hi Erx, Interface ge-5/3/9, member of reth0, seems to go down in operating state. Are you running LACP on reth0? Cmds to check from Primary of SRX: show chassis cluster status show lacp interfaces...
Re: Can Ping Internet from 1 of IPs on Interface, Can't Ping from the Other
1. Interface is in security zone & hence the session is built in the first place. So no doubt about zone/policies. 2. As per definition: An interface’s primary address is used by default as the local...
Re: IP Phones Restarting with Juniper SRX1400
Since IP phones connect over the network for its availability. The cause for restart is related to the session on the FW getting cleared. One cause of the restart could be VPN tunnel flapping to the Branch...
Re: Srx mikrotik ospf
Change to p2p on both sides, on SRX: set protocols ospf area 1.1.1.1 interface gr-0/0/0.0 interface-type p2p. Change traceoptions to flag "all", run the test and search trace file for MTU. You should see...
SSH Access via VPN Only
Is it possible to have two policies from the same zone to the same zone to only allow SSH access from the VPN range of address rather than from everywhere please? I will try and explain the issue: I...
Re: more specific monitoring via automation for high-end SRX(s)
Well, a nice thought. In my view the best way to perform this would be a mix of python and shell scripts. As with python you need to use pyez/netconf for all aspects. Using shell scripts at a defined time...
Re: SSH Access via VPN Only
If SSH access is working as you expect with one policy "application any", you can configure a more specific policy to restrict the access. Make sure you place the specific policy above the any any policy.
Re: SSH Access via VPN Only
You actually need three policies: 1-allow ssh from the desired subnets to desired sources 2-deny ssh for any any 3-your current allow all policy This will permit the desired ssh and deny all the other...
Re: SSH Access via VPN Only
Hi Spuluka, So, I would need something like the following: set security policies from-zone Customer-Network to-zone radius-server policy test match source-address <VPN Address Range> set security...
Re: WAN to pfSense through Juniper SRX240H
Big thank you for the reply and sorry for the delay of my answer. I try to add port 0/0/0.0 to VLAN, but I have an IP address, which was given to this logical port - at screen is 217.22.xxx.162/30. If I remove...