Re: QOS/COS, best effort doesn't transmit
Sorry about last postQOS/COS seem fine on the ge-0/0/0 . ge-0/0/0 is the internet interface.No help needed there as of yet. This is one of the AP's on ge-0/0/13 . ge-0/0/13 { gigether-options {...
View ArticleRe: QOS/COS, best effort doesn't transmit
Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class...
View ArticleRe: QOS/COS, best effort doesn't transmit
Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class...
View ArticleRe: QOS/COS, best effort doesn't transmit
I can do that yes but here is my next questions.1. Doesn't the default have this set?2. Is the default INPUT only?3. Does setting commands in the clicontrol OUTPUT?I have not set anything in...
View ArticleRe: SRX340 - Prioritize VPN traffic
Apologise to everyone for not having spaces and paragraphs in my topic, by some reason they were removed during posting. Hi stwardlp, We use SRX at the client main office, but DB is in Cloud "iLand",...
View ArticleNAT Configuration Question
Hi, I have an SRX 1400 cluster and I can't find any config snip to perform the following NAT. I have an internal machine on 10.10.12.50 (TRUST) and I want to source NAT this to 195.24.23.19 (UNTRUST)...
View ArticleRe: NAT Configuration Question
Hi Merlo, My understanding is that you do not want the ports to translate for the bi-directional traffic but only the IP's to translate such as: Source IP 10.10.12.50 (TRUST) to translate to...
View ArticleRe: NAT Configuration Question
Hi Merlo, My understanding is that you do not want the ports to translate for the bi-directional traffic but only the IP's to translate such as: Source IP 10.10.12.50 (TRUST) to translate to...
View ArticleRe: NAT Configuration Question
You may use following configuration: set security nat static rule-set TEST from zone UNTRUST set security nat static rule-set TEST rule one match destination-address 195.24.23.19/32 set security nat...
View ArticleRe: NAT Configuration Question
Hello Merlo, Your requirement sounds like classic STATIC NAT. Correct me if I missed something here. Possible Topology: - 10.10.12.50 --------- (TRUST) SRX (UNTRUST) ----------- INTERNET. Requirement:...
View ArticleRe: How to prefer BGP route over IPsec VPN generated static route
this is not true for ARI in Traffic-selector , even though we change preference in Static route manually, ARI takes its default value : 5. wrote:I think in that case you would need to set the default...
View ArticleVulnerability Patches for SRXs on 12.3X48 after EOE (End of Engineering)
Does EOE mean that Juniper will not release patches for Security vulnerabilites for the time period between EOE and EOS as is listed below for example the SRX3400 on 12.3X48? I need to know if I need...
View ArticleRe: Vulnerability Patches for SRXs on 12.3X48 after EOE (End of Engineering)
Yes, you are right. After EOE, JTAC support will generally be limited to investigation and troubleshooting in an attempt to provide solutions, configuration guidelines and workarounds....
View ArticleIPsec
Hi all,The current conf has a statement of "set security flow tcp-mss all-tcp mss 1450". But I want to assign a more specific tcpmss value for the IPsec traffic on the srx device, so I will use "set...
View ArticleRe: IPsec
If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows: If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over...
View ArticleRe: IPsec
If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows: * If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over...
View ArticleRe: Why traffic is very slow over ipsec
Arix, Can verify whether or not "replay errors" counter is incrementing via twice running the command "show security ipsec statistics"
View ArticleRe: Error during the update SRX4600 cluster
ANFAFFM, Which version are you upgrading from, via ISSU to 18.4R1.8 on 4600 ? . We may have a known software issue around this.
View ArticleRe: how to specifically locating a new creating security policy in the sec...
you can do, "show configuration security policy policy XYZ" , "show security policies" or show security policies detial" to find out which policies are already configured, prior to commiting a new one.
View ArticleRe: Jweb Incorrect user/password after Junos upgrade on SRX
can you do show system core-dumps to verify if there was any outout related to httpd process crashed. we can try restarting httpd process using command "restart web-management"
View Article