Re: New install - Testing worked, implementation broke
Hello, DaleM wrote:We have a /29 from comcast and currently use two of the addresses in production.<skip>Steps to install.Disconnected the current router.Attached ge-0/0/4 to our current network....
View ArticleRe: SRX Dual-ISP Issue
What about if I create the RI in forwarding mode, like that: rib-groups { ISP1-to-ISP2 { import-rib [ inet.0 ISP1.inet.0 ISP2.inet.0 ]; } } forwarding-table { export LOAD-BALANCE; } } policy-options {...
View ArticleRe: SRX Dual-ISP Issue
Hi, This is a slightly changed design in forwarding instance-type as interfaces cannot be configured under forwarding instance.Then the WAN [to MPLS] interfaces would be inet.0? I am still trying to...
View ArticleSRX : IDP Match SIP User-Agent?
Is there a way to write a custom signature for the IDP which will match a User-Agent field? You have the built in contexts such as SIP-HEADER-ANY but none of the built in ones that I have tried will...
View ArticleMoving to LACP port-channel without downtime
Hi ,I have a couple of SRX 3600 in cluster configuration , and in a reth one interface per node.Since this interface is saturated I want to move the reth with single interface to a port-channel.This...
View ArticleSRX240 Chassis unable to commit
I have a SRX240 cluster that is unable to commit any changes. We have found a few problems, that include: /cf/var: write failed, filesystem is full>> I issued a request system cleanup, however...
View ArticleMoving from SRX210 to SRX220
I have had a SRX210 up and running in production for a few years now. Works great, been able to get it to everything I could want dual ISP routing, vpns, vlans, etc. I picked up a SRZX220 because the...
View ArticleRe: How to configure sll proxy in VSRX
Hello, Does the file you are trying to load contain certificate chain (root CA + intermediate CA)?If yes, can you split it into two certificates & load it with two distinct CA profiles? Regards, Rushi
View ArticleRe: SRX240 Chassis unable to commit
What kind of logging are you running? Can you provide the output of show configuration | match traceoptions | display setshow conf security log show conf system syslog Regards,Anand
View ArticleRe: Moving from SRX210 to SRX220
Hi, you have possibly hit this bug: https://prsearch.juniper.net/InfoCenter/index?page=prcontent&id=PR1135780 I had the same on a SRX240 with 12.1X46-D40 and JTAC asked me to upgrade to D45 or...
View ArticleRe: SRX240 Chassis unable to commit
Hi, Restart the httpd process using :- >show system processes extensive (Note down the PID of httpd)>start shell%kill -6 <PID> The clear the log files and check if the httpd log fills up...
View ArticleRe: Moving from SRX210 to SRX220
Hi, Jonas is correct. Dynamic VPN does not work on D40 due to the bug. Upgrading would resolve the issue for you. Regards,Sahil Sharma---------------------------------------------------Please mark my...
View ArticleRe: quality of service for beginner
Hi, As you said, the firewall filter is stateless.The matching condition in the filter was "port [ http https ]". This includes both source and destination port 80 and 443.HTTP return traffic from the...
View ArticleRe: SRX240 Chassis unable to commit
Thanks for the help. Here is the output of the commands: root@SRX01> show configuration | match traceoptions | display set{primary:node0} root@SRX01> show configuration security log mode...
View ArticleSystem Archival different then file copy via scp?
Hi All, I'm facing a bit of an odd issue with the system archival. I've seen some posts come by about system archival, but not quite the issue i'm seeing here. The setup:SRX220 (192.168.1.1) <-->...
View Articleblock all email attachments
Using UTM, is it possible to block all email attachment file extensions without listing all the possilbilities and then use a short permitted list? SRX-240 chuck
View ArticleQoS hub-spoke IPSec tunnels
Hi all, We have a bunch of remote sites tunneling everything back to a central hub. These remote sites all have various connection speeds/profiles and I'm looking to (specifically) help boost VoIP. I'm...
View ArticleConfiguration assistance on SRX340
Hi Forum, I am new to Junos and the SRX...I am having a difficult time configuringn my first SRX using J-web and hopefully someone can take a look at the attached configuration and see what I am doing...
View ArticleRe: Configuration assistance on SRX340
An initial look at the configuration looks ok. But for a start, please ensure that your device only has one default gateway. Currently the default gateway point in three directions: routing-options {...
View ArticleRe: Moving from SRX210 to SRX220
Thanks for the responses i will try upgrading and see it helps! This whole thing was making me feel very stupid.
View Article