Quantcast
Channel: All SRX Services Gateway posts
Browsing all 17645 articles
Browse latest View live

Re: QOS/COS, best effort doesn't transmit

Sorry about last postQOS/COS seem fine on the ge-0/0/0 . ge-0/0/0 is the internet interface.No help needed there as of yet. This is one of the AP's on ge-0/0/13 .  ge-0/0/13 { gigether-options {...

View Article


Re: QOS/COS, best effort doesn't transmit

Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class...

View Article


Re: QOS/COS, best effort doesn't transmit

Hello Eugene, understood the flow now, if this does not work on output interface like ge-0/0/13 then I suspect this could be related to scheduler map. I guess you would have below forwarding class...

View Article

Re: QOS/COS, best effort doesn't transmit

I can do that yes but here is my next questions.1. Doesn't the default have this set?2. Is the default INPUT only?3. Does setting commands in the clicontrol OUTPUT?I have not set anything in...

View Article

Re: SRX340 - Prioritize VPN traffic

Apologise to everyone for not having spaces and paragraphs in my topic, by some reason they were removed during posting. Hi stwardlp, We use SRX at the client main office, but DB is in Cloud "iLand",...

View Article


NAT Configuration Question

Hi, I have an SRX 1400 cluster and I can't find any config snip to perform the following NAT. I have an internal machine on 10.10.12.50 (TRUST) and I want to source NAT this to 195.24.23.19 (UNTRUST)...

View Article

Re: NAT Configuration Question

Hi Merlo, My understanding is that you do not want the ports to translate for the bi-directional traffic but only the IP's to translate such as: Source IP 10.10.12.50 (TRUST) to translate to...

View Article

Re: NAT Configuration Question

Hi Merlo, My understanding is that you do not want the ports to translate for the bi-directional traffic but only the IP's to translate such as: Source IP 10.10.12.50 (TRUST) to translate to...

View Article


Re: NAT Configuration Question

You may use following configuration: set security nat static rule-set TEST from zone UNTRUST set security nat static rule-set TEST rule one match destination-address 195.24.23.19/32 set security nat...

View Article


Re: NAT Configuration Question

Hello Merlo, Your requirement sounds like classic STATIC NAT. Correct me if I missed something here. Possible Topology: - 10.10.12.50 --------- (TRUST) SRX (UNTRUST) ----------- INTERNET. Requirement:...

View Article

Re: How to prefer BGP route over IPsec VPN generated static route

this is not true for ARI in Traffic-selector , even though we change preference in Static route manually, ARI takes its default value : 5. wrote:I think in that case you would need to set the default...

View Article

Vulnerability Patches for SRXs on 12.3X48 after EOE (End of Engineering)

Does EOE mean that Juniper will not release patches for Security vulnerabilites for the time period between EOE and EOS as is listed below for example the SRX3400 on 12.3X48? I need to know if I need...

View Article

Re: Vulnerability Patches for SRXs on 12.3X48 after EOE (End of Engineering)

Yes, you are right. After EOE, JTAC support will generally be limited to investigation and troubleshooting in an attempt to provide solutions, configuration guidelines and workarounds....

View Article


IPsec

Hi all,The current conf has a statement of  "set security flow tcp-mss all-tcp mss 1450". But I want to assign a more specific tcpmss value for the IPsec traffic on the srx device, so I will use "set...

View Article

Re: IPsec

If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows: If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over...

View Article


Re: IPsec

If all the four TCP MSS options are configured simultaneously, then the order of preference is as follows: * If TCP packet enters an IPsec VPN tunnel, then an ipsec-vpn mss value has high priority over...

View Article

Re: Why traffic is very slow over ipsec

Arix, Can verify whether or not "replay errors" counter is incrementing via twice running the command "show security ipsec statistics"  

View Article


Re: Error during the update SRX4600 cluster

ANFAFFM, Which version are you upgrading from, via ISSU to 18.4R1.8  on 4600  ? . We may have a known software issue around this. 

View Article

Re: how to specifically locating a new creating security policy in the sec...

you can do, "show configuration security policy policy XYZ"  , "show security policies" or show security policies detial"  to find out which policies are already configured, prior to commiting a new one.

View Article

Re: Jweb Incorrect user/password after Junos upgrade on SRX

can you do show system core-dumps to verify if there was any outout related to httpd process crashed. we can try restarting httpd process using command "restart web-management"

View Article
Browsing all 17645 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>