Quantcast
Browsing all 17645 articles
Browse latest View live

Re: Restrict access to GUI web interface?

Hi, In addition to what Pulkit sugegsted, you can also apply a firewall filter after creating a loopback interface on the SRX.In the filte, you can allow only specific IP addresses from where you want...

View Article


Re: Done;AI installation failed! Attack DB update failed! SRX100H2

Glad you have it working again.  But I sure hope you don't need to do that for every database download.

View Article


Re: Restrict access to GUI web interface?

For an SRX as a secruity device the best way to restrict self traffic is the method that Pulkit points out.  This uses session aware security policies. the firewall filter method is more aimed at...

View Article

Re: Restrict access to GUI web interface?

Hi, As soon as a packet enters the SRX, the first thing which gets checked is the filter, the security policy comes after checking a few other things...

View Article

SRX210 tunnel ipip

I'm doing a PoC for a customer who connects to his remote offices via tunnel IP over IP.I just realised the SRX 210 I am to use has just one tunnel ipip interface‎; ip-0/0/0 and the customer has...

View Article


Re: SRX 110 - SIP call cannot resume from on-hold

Hi, I do not see any drops on the SRX for this flow. Did you try what Pulkit suggested earlier ? "set security alg sip retain-hold resources"  Regards,Sahil...

View Article

Re: SRX 110 - SIP call cannot resume from on-hold

Hi, To add on, please capture the reverse flow as well in the traceoptions and we would be able to see if it is getting dropped. Regards,Sahil...

View Article

Re: SRX 110 - SIP call cannot resume from on-hold

Hi, somehow teh reverse flow is empty. See attached. This is what my capture is like: set security flow traceoptions file sipDebug1017set security flow traceoptions flag basic-datapathset security flow...

View Article


Re: SRX 110 - SIP call cannot resume from on-hold

Hey guys, i have done the following: delete security alg sip disableset security alg sip retain-hold-resource This has solved the issue. Thanks for this. However, i am afraid that this will bring back...

View Article


Image may be NSFW.
Clik here to view.

Re: SRX 110 - SIP call cannot resume from on-hold

Ive already had to restore the "set security alg sip disable" command as after a while i could not call my extention

View Article

Re: SRX 110 - SIP call cannot resume from on-hold

Hello,  If i have understood correctly you have got the SIP ALG disabled and opened all the ports for communication manually through security policies. Please correct me if i am wrong. If the above is...

View Article

Re: SRX 110 - SIP call cannot resume from on-hold

Hello,  Adding to my above comment, There is also a bug with ALG feature which causes ALG not to function as expected and probably it could be the reason that when you enable SIP ALG then you are not...

View Article

Aggravating SRX filter-based-forwarding limitation - still an issue?

I'm wondering if newer versions of Junos can overcome the limitation described below or if anyone has any conceptual ideas on how to simplify what I had to do below. Our SRX210 cluster setup has to be...

View Article


srx web application where to start

Hi all I have this idea but I am not sure where to start. I would like a webapp that takes the following: source IP, dest IP, applications, and scheduled expirary date and generate the FW commands for...

View Article

address/address-set under nat destination

Hi everybody.I; struggling to understand what is wrong with my conf.I'm configurig a nat destination rule:set security nat destination rule-set PFW-RASPI rule PFW-8080 match source-address-name...

View Article


Re: address/address-set under nat destination

Hi, You have defined that address set under the YOTI-OFFICE address book and not the global one. Please change it to the following :- set security address-book global address-set ASET-YOTI-OFFICE...

View Article

Re: address/address-set under nat destination

Regarding your second question, here is the packet flow for the SRX :-http://kb.juniper.net/InfoCenter/index?page=content&id=kb16110&actp=search Depending on the type of NAT, Junos gives the...

View Article


Re: srx web application where to start

Hi, Are you looking for Jweb to configure security policies and other stuff for you on the SRX ? Regards,Sahil Sharma---------------------------------------------------Please mark my solution as...

View Article

SRX doesn't resolve internet domain names

I don't know why, but apparently my SRX can't resolve internet domain names, for example www.juniper.netI realized this because I created a policy to block some internet pages, but this policy never...

View Article

How often are domain names updated in address book?

I've noticed that the SRX allows domain names to be added to the address book, as follows: security-zone untrust { address-book {  address SomeHost { dns-name example.com; } But how often will the...

View Article
Browsing all 17645 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>