Clik here to view.
Re: Why is the SRX using NAT-T for the IPSEC?
Thanks! This seems to work and not make a mess of everything else set security nat source rule-set SNAT_use_interface rule snat_exclude_ipsec match source-address...
View ArticleRe: SRX slow on some webpages
There is a KB article in relation to creating a PCAP packet capture on branch SRX. http://kb.juniper.net/InfoCenter/index?page=content&id=KB11709&actp=search or on high-end...
View ArticleRe: Capture Traffic on USB Drive or Mount NFS ?
Hello , I dont think that we can change the location . I tried in lab and gave me this error : root# ...packet-capture file filename /var/log/packet-capture error: filename: '/var/log/packet-capture':...
View ArticleRe: SRX vs ScreenOS - NAT difference in flow?
Hello In SRX the Source and destination NAT are seperated and looked at different stages in FLOW ( attached ) . So the destination NAT hits first in flow , then route --> zone --> policy -->...
View ArticleRe: vsrx 2.0: high cpu load
In VMware Virtual Center, I'm also seeing one of my cores stuck at 100% even though a "show chassis routing-engine" comes back saying that the CPU is 100% idle. Has anyone managed to fix this ?
View ArticleRe: Capture Traffic on USB Drive or Mount NFS ?
Hello, I also triedand I gotthe same error :{primary:node0}[edit forwarding-options packet-capture file] SRX01# set filename /var/tmp/nfs/20160208_capture_flow_reth0 files 10 size 1024000 error:...
View ArticleRe: Capture Traffic on USB Drive or Mount NFS ?
If it's not possible, do I mount my disk on "/var/tmp" ?
View ArticleRe: Capture Traffic on USB Drive or Mount NFS ?
What happens if you create a symbolic link? I did a very quick test with a single PCAP file and so long as the symbolic link was created prior to adding the configuration for the packet capture, from...
View ArticleRe: VDSL2 Interface on SRX PIM or SRX110
I ran into this problem some time ago. The quick solution is buying a Draytek Vigor 130 and use it in Bridge mode next to the Juniper SRX. This works just fine and eliminates the need for a VDSL port...
View ArticlePBF problem when changing default route preference
Hi all,I am having some issues getting PBF working. Basically, I have two interfaces connected to Internet. One is used for ssl vpn access and it has a static IP that is nated and the other for...
View ArticleClik here to view.
External Users Can't Reach Public Addressed Devices in DMZ from Untrusted...
I have devices connected to a DMZ which has a subnet that was carved out of a /28 public static IP block with a /29 subnet. I created a static nat with proxy arp and corresponding policies to pass...
View ArticleClik here to view.
snmp no respond on SRX 1400 when use snmpwalk command on snmp server
when i use snmpwalk conmand on the snmp server , it says below but i can ping and ssh FW with 10.18.133.113 . and system-services snmp is configured on 10.18.133.113 10.18.133.113 is configure on a...
View ArticleRe: SRX and Multicast over IPsec VPN
Any one have an example config of muiltcast over IPSEC for the SRX?
View Articleset up ipsec dynamic vpn
I am tired of issues with the dynamic vpn client and windows 10 computer, sometimes it works sometimes it does not How can i setup an ipsec vpn so my computer is ALWAYS connected via VPN tunnel? Thanks
View ArticleRe: set up ipsec dynamic vpn
Hello , Are you using Pulse to connect to SRX . If so try upgrading the Pulse client and check if it stays connected .Also when you try to connect make sure if there is other users connected ( more...
View ArticleRe: External Users Can't Reach Public Addressed Devices in DMZ from Untrusted...
hello , Can you check the flow session : > show security flow session destination-prefix < IP address> and check if you see packet counts in both direction Also enable traceoptions and check...
View ArticleRe: SRX vs ScreenOS - NAT difference in flow?
Hi Sam, Thank you for the reply.I want to know the need for the different approach in SRX.What was the issue with ScreenOS NAT approach.How is it better in SRX? Regards,Amandeep Singh
View Article