Re: Restrict access to GUI web interface?
Hi, In addition to what Pulkit suggested, you can also apply a firewall filter after creating a loopback interface on the SRX. In the filter, you can allow only specific IP addresses from where you want...
Re: Done;AI installation failed! Attack DB update failed! SRX100H2
Glad you have it working again. But I sure hope you don't need to do that for every database download.
Re: Restrict access to GUI web interface?
For an SRX as a security device the best way to restrict self traffic is the method that Pulkit points out. This uses session aware security policies. The firewall filter method is more aimed at...
Re: Restrict access to GUI web interface?
Hi, As soon as a packet enters the SRX, the first thing which gets checked is the filter, the security policy comes after checking a few other things...
SRX210 tunnel ipip
I'm doing a PoC for a customer who connects to his remote offices via tunnel IP over IP. I just realised the SRX 210 I am to use has just one tunnel ipip interface; ip-0/0/0 and the customer has...
Re: SRX 110 - SIP call cannot resume from on-hold
Hi, I do not see any drops on the SRX for this flow. Did you try what Pulkit suggested earlier? "set security alg sip retain-hold resources" Regards, Sahil...
Re: SRX 110 - SIP call cannot resume from on-hold
Hi, To add on, please capture the reverse flow as well in the traceoptions and we would be able to see if it is getting dropped. Regards, Sahil...
Re: SRX 110 - SIP call cannot resume from on-hold
Hi, somehow the reverse flow is empty. See attached. This is what my capture is like: set security flow traceoptions file sipDebug1017 set security flow traceoptions flag basic-datapath set security flow...
Re: SRX 110 - SIP call cannot resume from on-hold
Hey guys, I have done the following: delete security alg sip disable set security alg sip retain-hold-resource This has solved the issue. Thanks for this. However, I am afraid that this will bring back...
Re: SRX 110 - SIP call cannot resume from on-hold
I've already had to restore the "set security alg sip disable" command as after a while I could not call my extension.
Re: SRX 110 - SIP call cannot resume from on-hold
Hello, If I have understood correctly you have got the SIP ALG disabled and opened all the ports for communication manually through security policies. Please correct me if I am wrong. If the above is...
Re: SRX 110 - SIP call cannot resume from on-hold
Hello, Adding to my above comment, there is also a bug with ALG feature which causes ALG not to function as expected and probably it could be the reason that when you enable SIP ALG then you are not...
Aggravating SRX filter-based-forwarding limitation - still an issue?
I'm wondering if newer versions of Junos can overcome the limitation described below or if anyone has any conceptual ideas on how to simplify what I had to do below. Our SRX210 cluster setup has to be...
srx web application where to start
Hi all, I have this idea but I am not sure where to start. I would like a webapp that takes the following: source IP, dest IP, applications, and scheduled expiry date and generates the FW commands for...
address/address-set under nat destination
Hi everybody. I'm struggling to understand what is wrong with my conf. I'm configuring a nat destination rule: set security nat destination rule-set PFW-RASPI rule PFW-8080 match source-address-name...
Re: address/address-set under nat destination
Hi, You have defined that address set under the YOTI-OFFICE address book and not the global one. Please change it to the following :- set security address-book global address-set ASET-YOTI-OFFICE...
Re: address/address-set under nat destination
Regarding your second question, here is the packet flow for the SRX :- http://kb.juniper.net/InfoCenter/index?page=content&id=kb16110&actp=search Depending on the type of NAT, Junos gives the...
Re: srx web application where to start
Hi, Are you looking for Jweb to configure security policies and other stuff for you on the SRX? Regards, Sahil Sharma --------------------------------------------------- Please mark my solution as...
SRX doesn't resolve internet domain names
I don't know why, but apparently my SRX can't resolve internet domain names, for example www.juniper.net. I realized this because I created a policy to block some internet pages, but this policy never...
How often are domain names updated in address book?
I've noticed that the SRX allows domain names to be added to the address book, as follows: security-zone untrust { address-book { address SomeHost { dns-name example.com; } But how often will the...