Clik here to view.
Re: PPPoE Session Disconnection
Hello TheDisciple, The disconnects are sometime a few seconds apart and sometimes a day or two apart. They seem completely random. Really annoying Thank you though! Out of interest how would I see...
View ArticleRe: State Invalid on user-authentication with Active Directory
Do we know if the AD was connected when the issue happens? Also is this issue specific to this user?show services user-identification active-directory-access domain-controller status
View ArticleSRX DESTIONATION NAT (PROXY ARP?)
THE INTERNET /28 & /32 ---------------(untrust public interface)SRX(ADMIN_DMZ)--------------INTERNAL_SERVER Im having an issue configuring destination NAT, if someone can give a hand it'd be...
View ArticleRe: Dynamic Traffic Shaping
Do you wanna devide that 100M to 80 and 20, for traffic going out to internet or traffic coming to SRX from internet?
View ArticleRe: SRX DESTIONATION NAT (PROXY ARP?)
Ideally you dont need proxy ARP here as this segment (HE INTERNET /28 & /32 ---------------(untrust public interface)SRX) is not falling under (65.x.x.x ADMIN_DMZ) subnet. Are you able to access...
View ArticleRe: IP Sec site-to-site VPN Poor performance
"set security flow tcp-session no-sequence-check" will be useful for TCP, but is your traffic TCP or UDP?
View ArticleRe: Can someone confirm whether Juniper IPS has signature for Monero Mining...
Can you try "file show /var/db/idpd/sets/Recommnded.set | find "BIT-COIN-MINING" ref: https://kb.juniper.net/InfoCenter/index?page=content&id=KB27134
View ArticleRe: SRX DESTIONATION NAT (PROXY ARP?)
Hi there, Proxy arp is ONLY needed when you want to receive traffic for an IP which is not configured on the ingress interface but falls in the same subnet. e.g. Let interface address be 1.1.1.1/24 and...
View ArticleRe: SRX DESTIONATION NAT (PROXY ARP?)
AFAIK, SRX will do reverse route lookup for the source IP, which is from internet and is reachable via untrust zone only. So I belive it may not be related to return route issue. But collecting traces...
View ArticleRe: IP Sec site-to-site VPN Poor performance
Hello Sagar, It appears that you are getting very low throughput irrespective of VPN. You may like to check if the ISP is throttling your bandwidth or the line has any significant drops. If you are not...
View ArticleRe: Can someone confirm whether Juniper IPS has signature for Monero Mining...
Hi rsuraj, Many thanks
View ArticleRe: SRX 300 - VLANS on "untrust" zone and NAT
Hi all, Thanks for all of you for responding. Sorry for late response, I had some issues with my account and I had to create an another one. sagarbairagiYour G/W is 10.0.0.14 and LAN is 10.2.4.0/24....
View ArticleRe: SRX 300 - VLANS on "untrust" zone and NAT
I did some config adjustments as per your advice.There seems that nat flow sessions are OK. But, the detailed traceoptions suggest that there is no response from SRV to UNTRUST. Regards
View ArticleSRX 550 - NAT
Hi!I am trying to configure a static nat for my secondary assigned IPs (200.200.200.64/27) which were routed to my primary IP (200.200.200.44) by my isp.The outbound is working but the inbound is not....
View ArticleRe: SRX 550 - NAT
Do you have an address book entry named 200.200.200.66? If not, I would suggest using 'destination-address 200.200.200.66/32' instead of destination-address-name which looks for entries in the address...
View ArticleRe: SRX 550 - NAT
Hello, thanks for answering, I did actually have the address in the address book but I changed it anyway and it looks like this now: static { rule-set mgmt { from zone Internet; rule mgmt { match {...
View ArticleRe: SRX 550 - NAT
Could you please share output from 'show security nat static rule all' ? and can you confirm that you can access the internal host on the relevant port/service? Maybe just confirm that ping is working...
View ArticleRe: SRX 550 - NAT
Here it is:Total static-nat rules: 1 Total referenced IPv4/IPv6 ip-prefixes: 2/0 Static NAT rule: mgmt Rule-set: mgmt Rule-Id : 1 Rule position : 1 From zone : Internet Destination addresses :...
View ArticleRe: SRX 550 - NAT
Try enabling packet tracing to see where in the packet processing steps the inbound packets are being dropped. Try something like this: set security flow traceoptions file TESTset security flow...
View ArticleRe: SRX 550 - NAT
Also, why do you have this static route? route 10.20.10.0/24 next-hop 10.20.10.1;You should have a direct route for 10.20.10/24 via vlan.1, with a better preference so it shouldn't matter, but I was...
View Article