a factory default security policy
Hello, I was reading the srx juniper documentation regarding security policies and it was stated:For SRX300, SRX320, SRX340, SRX345, and SRX550M devices, a factory default security policy is provided...
View ArticleRe: a factory default security policy
Hello Suli, The SRX series devices ships with the factory default configuration which contains DHCP, Auto-installation, Basic security policies etc. Most of them will delete the default configuration...
View ArticleClik here to view.
j-flow monitoring on srx cluster - top talkers
Hello,I would like to configure J-flow on SRX300 Cluster to monitor bandwith top users on PRTG.It shows mixed traffic on PRTG since I have two outgoing connection one for Internet and one for WAN...
View ArticleRe: j-flow monitoring on srx cluster - top talkers
netflow/jflow only generates per interface statistics that are sent to the analysis server. the reporting engine to corolate and report on things like top talkers is a server function. So if your...
View ArticleRe: a factory default security policy
Thank u this is the best explaination. 2. i would also like to have inside to have acces to the internet.A:I'm not sure which is your inside zone, so I can't comment about it. However, you can follow...
View ArticleRe: a factory default security policy
Hi Suli, If you allowed even SSH and HTTPS on the Untrust side, it is a security flaw. Do you have any connections originating over the Internet for pass-through traffic?
View ArticleRe: Dynamic VPN Configuration (SRX 340)
I checked the security this morning and here is the output: Allowed host-inbound traffic : dhcp tftp https ike ping ssh I've not created any firewall rules or filters for the public IP address. The...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
With Wireshark I see the initial connection attempt, while waiting on a response from the SRX I do get 4 TCP retransmissions, but I am not sure if that is relavant. After about 15 seconds I get a RST,...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Hi Michael, Do you have Destination NAT or Static NAT on port 443 for the public IP address to which you're connecting the VPN? Open browser, type https://<public ip address> and let me know...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
I do not. To be honest, looking at some videos I thought I would get the login to download the Pulse Secure client (based on a video a found while searching the web), but after a few seconds it just...
View ArticleRe: Why there is no feature log-prefix
Hi Arix, The source-address is mandatory when you send the Syslog out of the SRX. So, whenever you're using the line "set security log stream S1 host <ip-address>" you need to specify...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Hi Michael, Can you please share your configuration in display-set format so that I can take a look?
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Certainly, please find the requested configuration attached. I have gone through and replaced any network\naming configurations with < > to obfuscate any specific data, but if there is...
View ArticleRe: Panel LED Frontal blinking RED - Online MX
Thanks for the return Apaniagua,I see some core dumps but they are old problems. Follows the requested logs.> show system core-dumps /var/crash/*core*: No such file or directory-rw-rw---- 1 root...
View ArticleRe: Panel LED Frontal blinking RED - Online MX
Thanks for the return shijot,Could this failure be any software / release failure I'm producing?Follows the requested commands.> show system core-dumps /var/crash/*core*: No such file or...
View ArticleDynamic VPN (SRX300)
Good Afternoon Everyone! I recently encountered a Dynamic VPN issue that has me scratching my head after upgrade a branch office to the SRX300. I followed these instructions to create an IPSEC VPN...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Yes, No destination nor static NAT rule are affecting the traffic. Chances are that packets from your PC are not reaching the SRX or that a device in between is dropping them and replying instead....
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Could you add ge-0/0/0 under web-management and try a commit full? # set system services web-management https interface ge-0/0/0# commit full Can you provide a "show version" as well?
View ArticleRe: Dynamic VPN (SRX300)
Hi ajwilder The configuration on the document you shared will only work if you use Pulse. If you are planning to establish a regular site-to-site VPN between the SRX and another device then you need to...
View ArticleRe: Dynamic VPN Configuration (SRX 340)
Depending on your version, you might want to change the following line: set security ike gateway dyn-vpn-local-gw xauth access-profile dyn-vpn-access-profile With the following set security ike gateway...
View Article