Re: Filter ICMP Packets
Hi Guys!Thanks for all repply.The question is, The firewall do not have policies to drop any connections, The rules are just for VPN.I need allow only specific address can ping in my public IP...
View ArticleRe: Filter ICMP Packets
Hi, How does your LAN traffic reach the Internet? Is there any NAT and what is the NAT pool, is it the interface or a separate NAT pool?ping from LAN to Internet stopped most probably because return...
View ArticlePort Mirroring SRX 220H2
Hi! I need to do port mirroring on a SRX 220H2 locally (span one port to another on same firewall)ex: ge-0/0/7 (an AP ARUBA) trunk to an another port no used (where I will connect mi PC with WIRESHARK...
View ArticleClik here to view.
Re: Port Mirroring SRX 220H2
Hello, If i have understood your requirement correctly then you are trying to do port mirror of the interface ge-0/0/7 to another interface which is not used on SRX. the catch here is that the...
View ArticleOne-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Does anyone have working SCTP over SRX345 (or any other branch SRX)?I'm trying to connect two diameter peers and it seems that the return traffic gets dropped by the firewall.The policy allows any...
View ArticleRe: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi, It looks like the SRX is not detecting the application for this traffic and probably reading this as TCP packets. Dynamic application: junos:UNKNOWN_____________________________________________ The...
View ArticleRe: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
I was thinking about it but GPRS feature set seems to be unvailable on branch SRX345. My current policy allow any sctp traffic (there is junos-sctp-any pre-defined in JUNOS) Policy: Diameter,...
View ArticleRe: SRX IDP Local Updates
I guess this is a bit of an edge case. Since no one here has done it before, or can find the documentation (I did spend some time looking and could not.), I suggest you open a JTAC case with the...
View ArticleRe: Not Able to edit Source Prefix list
I think you are correct. I'm running 12.3X48-D30.7 in my lab here and I don't see any option to create or edit a prefix list. You can create policy and utilize existing prefix lists but you cannot...
View ArticleRe: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi, The security policy sounds right as the application junos-sctp-any is IP protocol 132, i.e sctp.Apparently, an sctp profile is also required in the security policy configuration but am not sure its...
View ArticleRe: vSRX 15.1 D50 cannot add ge- interfaces
hello , If the interfaces are up and not responding on Vsrx for 15.1 release Vmware Esxiyou need to do the workaroubd for interface re ordering if more than 3 interfaces are selected...
View ArticleRe: Branch SRX as a DHCPv6 prefix delegation client?
I tried this tonight with 12.3X48-D30.7 and to my surprise, it appears to actually be working on my Comcast internet connection.
View ArticlevSRX 15.1 Pass-through Authentication Web Redirect Issue
Dear Members; Has an yone managed to setup pass-through authyentication with Web Redirect (http) on vSRX 15.1.... The browser correctlky redirects to the web authetication ip but displays no...
View ArticleRe: Not Able to edit Source Prefix list
hi steve, do you think this feature can be taken care of if Junos Space is used in managing the device? Sam
View ArticleRe: Not Able to edit Source Prefix list
Hi Sam, Space will definitely be able to do this, as it presents access the entire CLI structure (in the form of schema) for editing. The only downside is that this particular configuration isn't tied...
View ArticleRe: vSRX 15.1 Pass-through Authentication Web Redirect Issue
Hi, Please try removing the "web-redirect" from the pass-through section and check if a pop-up appears prompting for the username/password. Regards,Sahil...
View ArticleRemote web proxy with local IP address, FBF via tunnel?
Hi All,We use a remote desktop solution that is hosted in our DC where also the corporate web proxy solution resides. In one of our sites, there is a requirement of using an IP address registered...
View ArticleRe: One-way SCTP thru SRX345 on JunOS 15.1X49-D50.3
Hi Ashvin, Well, for some reason some sessions are getting thru and some are not.In the flow debug I see some errors, maybe it is relevant:Aug 1 11:56:07 11:56:06.291369:CID-1:RT:flow_ipv4_rt_lkup...
View ArticleRe: IPSec Tunnel on linux
yes, I just found out that they are running ubuntu 16, do you know of any application that does this or the default firewall will work?
View Article