Re: Route problem from trust VLAN to external gateway
I don't see a nat rule posted from trust to untrust. Does that exist, I would assume as an interface nat? If the nat were missing or not configured correctly that could explain why the trust side...
Re: Cluster of SRX Firewalls in Two Data Centres
To Avoid Split Brain: While it is possible to use VLAN tagging and have both control and data traffic share the same switching infrastructure, it is not recommended to do so. I agree we can use separate...
Re: Route problem from trust VLAN to external gateway
Thanks for the reply! I have nat but forgot to include it in my original post. Here's the NAT I have configured: will@gw1> show configuration security nat source { rule-set trust-to-untrust { from...
Re: Route problem from trust VLAN to external gateway
Hi, Please provide the output of the "test1" file and we would be able to see where it is failing :- set security flow traceoptions file test1 size 2m set security flow traceoptions flag basic-datapath...
Re: Cluster of SRX Firewalls in Two Data Centres
Good points, I'll take care of these. My requirements are as follows: 1. Site A has services & Internet Connection with SRX & connected to internet A 2. Site B has limited services & Internet...
Re: Cluster of SRX Firewalls in Two Data Centres
Hi, You cannot use Internet to connect the HA Control and Fab links between the two SRX nodes because of the following reasons :- Latency needs to be less than 100ms. For HE, minimum bandwidth needed is...
Re: SRX240H Anyway to Recover from dwc_otg_nandflash_bulk_flush+0x54 error?
Hi, Please try the 2 methods explained in the following link :- http://www.juniper.net/documentation/en_US/junos15.1/topics/topic-map/security-software-installation-boot-loader-usb-srx.html Boot using...
Can SRX notify to administrator in the wake of the match with the security...
I want to notify the administrator when traffic matches a security policy on the SRX, using e-mail or snmp-trap. Can SRX do this? I think SRX cannot notify using e-mail. However, by using the event...
Re: Can SRX notify to administrator in the wake of the match with the...
Hi, For generating traps using the event-options, please go through the following link :- https://kb.juniper.net/InfoCenter/index?page=content&id=KB28307&actp=search The event options have to...
SRX to Fortigate VPN IKE Timeout
Hi, Currently attempting to get an SRX240H connected via the internet to a Fortigate 60D. Gone through the normal troubleshooting guides, but seem to be getting a lot of different timeout issues, here's...
Re: SRX to Fortigate VPN IKE Timeout
Hi, From the messages below :- Aug 12 02:43:01 [SITE-A-JUNOS <-> SITE-B-FORTIOS] ike_send_packet: Start, retransmit previous packet SA = { 72ea9f9f d1dffe33 - 00000000 00000000}, nego = -1, dst =...
Re: SRX to Fortigate VPN IKE Timeout
Hi, Thanks for the quick response. So there's no filters going on on our end, I'm trying to get debug info out of the Fortigate end, but it's not under my control, which is making it a tad difficult....
Re: Route problem from trust VLAN to external gateway
Hi, Could you look at security flow sessions for this traffic: show security flow session source-prefix x.x.x.x destination-prefix y.y.y.y protocol icmp show security flow session nat brief show...
Re: System Archival different then file copy via scp?
Hi Ashvin, I managed to come around to it and tried to perform SCP on a SRX210 running version 12.1X46-D40.2. I'm seeing the same behavior. The manual file transfer is going perfectly fine, but the scp...
Re: Cluster of SRX Firewalls in Two Data Centres
Hi, I agree we can use separate Vlan on same physical infrastructure but wouldn't that will increase the...
Re: Route problem from trust VLAN to external gateway
Here's a sample of the output from what sahilsha requested. I'll get the other device output soon. will@gw1# run file show /var/log/testping1 | no-more Aug 12 08:28:49 08:28:49.206346:CID-0:RT:jsf sess...
Re: Route problem from trust VLAN to external gateway
will@gw1# run ping 66.117.151.5 source 10.0.3.1 PING 66.117.151.5 (66.117.151.5): 56 data bytes ^C --- 66.117.151.5 ping statistics --- 7 packets transmitted, 0 packets received, 100% packet loss...
Re: Cluster of SRX Firewalls in Two Data Centres
Hi, You cannot use Internet to connect the HA Control and Fab links between the two SRX...
route table lock on fw trace
Hi all, Our SRX3400 keeps logging these and it's cluttering up the firewall logs, how do I remove them? Aug 12 11:50:57 11:50:52.024475:CID-01:FPC-06:PIC-00:THREAD_ID-03:RT:released route table lock Aug...
Re: Can SRX notify to administrator in the wake of the match with the...
Hi GENC, You can generate the event using SNMP or Syslog as sahilsha mentioned, and if you have a SIEM or Syslog Server most support sending emails on specific events and you can even connect it to an...