SRX320 End of Support/End of Life Confirmation
Good afternoon, I am trying to pin down information regarding the SRX320 device. We are being told we have to replace this device because it is coming up on end of support (EOS)/end of life (EOL). I...
View ArticleTraffic to node 1 is blocked when HA data plane is in active-active mode
Hi, all, Let me copy&paste this KB article, because it directly relates to my question:SUMMARY: This article explains why traffic that goes to node 1 is blocked when HA data plane is running in...
View ArticleSetting the TTL for DNS Records Stored in the SRX's Cache from Security...
Hi All, I am using DNS for some address book entries used in security policies. However, I am repeatedly running into issues where the cached resolution of the hostname on the SRX is different from...
View ArticleClik here to view.
Re: SRX320 End of Support/End of Life Confirmation
Hi klackey, I would recommend you verify and clarify if what is going EoL is the hardware or the software you are running because if the hardware is not published on the link you shared that means...
View ArticleRe: Traffic to node 1 is blocked when HA data plane is in active-active mode
By default in Cluster, data plane mode is in active-active mode, regardless of user configuration.root@srx> show chassis cluster information...
View ArticleRe: Traffic to node 1 is blocked when HA data plane is in active-active mode
Thank you so much, I only have one redundancy-group (besides redundant group 0, of course), but the reboot part is a bummer.
View ArticleBetreff: SRX320 End of Support/End of Life Confirmation
Hello klackey, SRX320 is definitely not EOL, as this is the most current Juniper SRX branch platform, there is no successor available. Here you can check if your used JUNOS release is EOE or EOL:...
View ArticleRe: SRX320 End of Support/End of Life Confirmation
Maybe they confused this with the SRX220. That one is EOL for sure.
View ArticleRe: Setting the TTL for DNS Records Stored in the SRX's Cache from Security...
Hi, This issue of SRX cached resoltuion of hostname being different from the actual IP when traffic is received happens mostly in case of the TTL of the resolved address being very low. There is a...
View ArticleMTU change potentially?
Hi,I have a layer 2 WAN link I’ve connected to some 4100 SRX firewalls (at either end). I added a VPN to this link for protection ... all working fine except I don’t see the speed being what we should...
View ArticleRe: MTU change potentially?
Hello,I suggest You do packet captures first to see if there is IPSEC post-fragmentation (fragmentation after encryption) - this is usually the IPSEC perf killer.If yes then You need to lower TCP MSS...
View ArticleRe: MTU change potentially?
Thank youI’ve done a bit more testing; I can see one way the full 1Gbps is being utilised. It’s the other way which is getting slowed to 100Mbps. I also looked at the IPSEC statistics and the ESP...
View ArticleClik here to view.
Re: MTU change potentially?
Hello, wrote: the ESP authentication failures are very large. Would this fit in with your above narrative? If fits perfectly _IF_ Your IPSEC gets post-fragmented and Your circuit provider drops...
View ArticleRe: Range of Port - JUNIPER SRX300
You will need to create a custom application that includes your desired port range either tcp or udp as needed before you can create the rule itself. You can follow the process of creating the custom...
View Articlelooking for download URL of antivirus updates on SRX4100
Hi every bodyim a cisco expert and its my first experince with junipper .i have a pair of srx4100 in my network in front of my Cisco FTD .ufortunently my network is isolated and no internet connection...
View ArticleRe: SRX 1-1 static NAT on backup ISP routing not working as expected on ISP...
Sorry for the delay in response, been a little busy here but had some time today to generate the sample config in my lab. What I assume you need here is inbound connections from internet to your...
View ArticleRe: Some SRX110 Network Addresses Reply to ICMP
Thanks for the clarification, I'm not able to duplicate that behavior in my lab and your understanding is correct. The SRX should only reply to ping of configured interface addresses directly not the...
View ArticleRe: SRX 1-1 static NAT on backup ISP routing not working as expected on ISP...
Thanks for reply, I think you misread my issue, my issue is outbound packets not going through IP address which had NAT even though I have dedicated IPs from both ISP.Example : 192.168.1.0 is my server...
View ArticleIs QOS / COS / VPN Session affinity configurable to maintain stability of VPN...
Hi All, Would like to know if QOS / COS / VPN Session affinity configurable to maintain a consistent stable connection for pulse secure VPN with the SRX 240 being SSL VPN server ? The SRX240 is the...
View ArticleClik here to view.
IPSEC between SRX and Fortinet not coming up
HI Team,i'm new with ipsec, trying to setup a IPSEC vpn between fortinet and SRX but it is not working . i have captured the packet and found that SRX is not initiating ike communication. configuration...
View Article