Re: snapshot commands difference
Hi F1gh3r, Thanks for your reply. I have checked on SRX550 and you are right the behaviour is the same as SRX345. Regards to below process: Formatting alternate root (/dev/da0s1a)...Copying...
View ArticleSRX jsrpd log messages
Hello Has anyone came into this kind of issue? Jan 14 12:47:16 SUP-FW-SRX650B jsrpd[1323]: JSRPD_RG_STATE_CHANGE: Redundancy-group 2 transitioned from 'primary' to 'secondary-hold' state due to...
View ArticleMeaning of message: CID-0:RT:get NULL sess plugin info?
Hello all,I'm troubleshooting an issue of some traffic not successfully making it to a destination, and the only difference in the security flow logs between a working and non-working flow is the...
View ArticleRe: Issue with setting up network admin Auth via. ldap/NPS
Hi HJH,Can you share switch and NPS config?vSRX - did you configure source-address? If your NPS logging is correctly set, you can see errors if the source-address does not match with what is set on...
View ArticleRe: snapshot commands difference
Hi CP1, correct, da0s2a is the primary and da0s1a is the backup. These are just partitions, which are stored on the physical internal CompactFlash card. So if the CompactFlash card is faulty, both...
View ArticleClik here to view.
Re: SRX jsrpd log messages
Hi Abed Al-R, These messages are indicating events about failover that happened in SRX cluster nodes, the jsrpd process handles the Chassis cluster events. When one node is rebooting, it performs a...
View ArticleSRX chassis cluster - DHCP server does not work
Hello, I configured DHCP server on a chassis cluster (SRX340) but it doesn't work. Here's my configuration: root@SRX1# show system services dhcp-local-server group office { interface reth0.10; }...
View ArticleRe: SRX jsrpd log messages
Hi Thanks for your replyBut bot nodes were not rebootedBoth is up all the timeI check the uptime and it is OK on both cluster members I have three reth interfaces , and those logs shows only on two...
View ArticleQuestion re Migrating DMZ from Old Router to New SRX General Advice
Greetings,We have an old EdgeRouter that we're upgrading to an SRX.We have an mid-size network with 100 workstations and 20 servers, some servers are public facingWe have a split-view DNS system for...
View ArticleSRX Internet Failover setup
Hi all, I am not sure if a rpm based failover can be achieved in such a static setup. The scenario is as follows:Subnets A to G are internal and go through ISP link 1. There is a Zscalerredirect filter...
View ArticleRe: SRX Internet Failover setup
I think this kb article on using FBF (filter based forwarding) for the dual ISP with failover should work in your scenario. https://kb.juniper.net/InfoCenter/index?page=content&id=KB22052
View ArticleRe: SRX chassis cluster - DHCP server does not work
I see some dropped dhcp packets: root@SRX1# run show dhcp server statistics Packets dropped: Total 193 No available addresses 193 Offer Delay: DELAYED 0 INPROGRESS 0 TOTAL 0 Messages received:...
View ArticleRe: SRX chassis cluster - DHCP server does not work
Hello,Please remove this line from Your config propagate-settings reth0.10; This for scenarios when You have DHCP client on untrust interface and You want Your trust zone clients to have the same...
View ArticleRe: SRX chassis cluster - DHCP server does not work
Your DHCP pool will only be matched for your primary IP address on the interface. In this case I suspect your X.X.X.X/24 is the primary address... and you don't have a DHCP pool for this prefix. Try...
View ArticleRe: Question re Migrating DMZ from Old Router to New SRX General Advice
Hi A.Vanson Some points I consider important: It is important you understand every feature configured on the old router and if possible test the funtionality of the same features in the SRX before...
View ArticleStore a prefix-list in a file and reference it instead of storing full...
Hi folks, Is there a way to store or reference a file that has a list of prefixes that I can reference in the configuration but not store it in the configuration? The idea here, is that I want to...
View ArticleRe: Question re Migrating DMZ from Old Router to New SRX General Advice
Thanks for your reply, @epaniagua,In order to do this in a gradual manner, by changing our DNS first before moving complety to the new router, is this feasible?NEW IP from Internet --> SRX -->...
View ArticleRe: Store a prefix-list in a file and reference it instead of storing full...
Hi archjeb, I'm not using GeoIP blocking, however, it seems that Juniper has an additional product to support this natively, named "Juniper Advanced Threat Prevention":...
View Article