Re: RT_ALG_WRN_CFG_NEED
Hi all,I have persistent & consistent the following logs, it is being generating every 4 seconds. It seems that by default MSRPC is enabled.In order to get some logs via traceoptions about denied...
View ArticleRe: RT_ALG_WRN_CFG_NEED
Hello, I would suggest to not use the flag all in the flow traceoptions. This logs a lot of background noise. Use the traceoptions flag basic-datapath. Additionally, also setup the filter for anything...
View ArticleRe: Can SRX series work with Shrew Soft VPN client?
Hi to all,I'm configuring this in a SRX345 and I'm not able to mantain the tunnel activated and enable... The tunnel is disabled in about 60 seconds... I have configured the times for ike and Ipsec...
View ArticleRe: Can SRX series work with Shrew Soft VPN client?
I would start by changing the 180 ike timeout to something more usual like 3600.I suspect the very short duration is at least part of the issue.
View ArticleRe: SRX100 virtual instances routing to "wan"
Hello h3xv3x, Unfortunately, NAT is security feature and is NOT supported in the "PACKET MODE". Refer:-KB21697 If using NAT is the only possible solution in your environment, I will suggest you to use...
View ArticleAccount Works in SSH but not HTTP after Firmware Upgrade
This morning I upgraded our SRX100 firmware to the latest version available to us (12.1X46-D86). The upgrade completed successfully, though afterward I could no longer sign into the GUI (the GUI...
View ArticleZone_Communication
Hi All , I have some challenges with below setup kindly provide your valuable inputs to get going with the same Zone Name - Untrust Eth0/0Zone Name - Trust Eth0/3 & below are configure as sub...
View ArticleRe: Zone_Communication
Hi shaan129, Based on your explanation, and understanding you are using a SSG firewall, what you need to conifgure if MIP (static NAT):...
View ArticleRe: Zone_Communication
MIP (Static NAT) configuration will be similar to the following one: MIP Rule:set interface "ethernet0/5" mip 192.168.2.2 host 192.168.1.254 netmask 255.255.255.255 vr "[Virtual_Router]"...
View ArticleRe: Why i hate srx and will replace it with fortigate soon
SRX is highly vulnerable to file system error (like file system unclean after reboot due to power failure) that stops the boot sequence.
View ArticleRe: RT_ALG_WRN_CFG_NEED
Hi All,1-) This time I performed the following modified traceoptions and its output has showed that there is no any deny traffic that sourced and destinated 10.10.3.29 on srx. set security flow...
View ArticleRe: Account Works in SSH but not HTTP after Firmware Upgrade
Hi,Its same as this , already reported . https://forums.juniper.net/t5/SRX-Services-Gateway/Jweb-Incorrect-user-password-after-Junos-upgrade-on-SRX/m-p/462703#M53463 I see the same issue on an SRX...
View ArticleRe: RT_ALG_WRN_CFG_NEED
Hello, Thanks for taking that. My observations > The flow traceoptions ran for about 20mins and no drops seen> Flow processing shows the traffic passed> So definitely it is not dropped by the...
View ArticleRe: RT_ALG_WRN_CFG_NEED
Hi Arix, I believe that the SRX is definitely dropping those packets, however Im not sure if you will see that in the flow traceoptions file. The SRX is reporting that in order to let the packets pass...
View ArticleRe: RT_ALG_WRN_CFG_NEED
Forgot to mention that you could also configure the "junos-ms-rpc-any" application on your security-policy as the log states. Hope this helps.
View ArticleRe: Account Works in SSH but not HTTP after Firmware Upgrade
Hi pcamis, I believe this is a bug so if you are able to open a JTAC case it will be great. For testing purposes can you confirm if you have the following line in your configuration. If not, please add...
View ArticleRe: Account Works in SSH but not HTTP after Firmware Upgrade
Hi. We see the same on a couple of SRX210 devices, both SRX210H and SRX210HE. Is there only way to wait for a new firmware or is there some other way to solve this ?
View ArticleRe: Account Works in SSH but not HTTP after Firmware Upgrade
TRK, The issue also started when upgraded to 12.1X46-D86? Can you confirm the information I requested in my previous comment? As of now it looks like downgrading to previous junos version is the only...
View ArticleRe: Zone_Communication
Hi , The Routes are in place on both ends on End Router & also in SSG5 the only thing that is not happening is communication between 192.168.4.254 & 192.168.2.2(Actually 192.168.1.254) &...
View Article