Re: Interesting multi-subnet single LAN / DMZ disappearing issue.
Hi, Don't quite get a good picture of the issue. I would have thought you could do this simply with routing or maybe nat is making this more challenging.Could you share the configs and sample interface...
View ArticleAutomatically copying a policy from node a to node b without clustering
HiI think I have seen an answer for this before but for the life of me can’t find it now and not use if I imagined it.I am looking for a way to synchronize certain aspects of a firewall configuration...
View ArticleRe: Automatically copying a policy from node a to node b without clustering
Hi, That sounds like a network automation use-case. I guess this could be achieved through one of automation methods available with Juniper, i.e Junos space security director, ansible, scripts etc....
View ArticleRedundant Interface
As we are having redundant interface in Netscreen, do we have any similar kind of technology avialable on SRX.
View ArticleClik here to view.
Re: Redundant Interface
Hello, Yes, SRX also has redundant interface feature but it is present only in SRX chassis cluster as reth interfaces where one interface from each node bundle together and form a reth interface. One...
View ArticleRe: Interesting multi-subnet single LAN / DMZ disappearing issue.
Hi, I'll have to re-create the diagram in Visio, it was originally made in Gliffy although my account seems to have lost that particular image. Unfortunatly configs are quiet large, and it would take a...
View ArticleRe: Shaping an SRX240 ethernet interface
Note that the shaping rate option is under class-of-service settings.Example: set class-of-service interfaces ge-0/0/1 shaping-rate 20m
View ArticleRe: Route problem from trust VLAN to external gateway
Add vlan-trust to the vlan members on the trunk port.
View ArticleRe: Sending default route to virtual routing instance
Vey simple use a rib group that exports routes from the master along with a routing policy that accepts only the default static route and reject others.
View ArticleClik here to view.
Re: Sending default route to virtual routing instance
Hello, You can use the below KB article to export a route from master routing instance to a virtual router :- https://kb.juniper.net/InfoCenter/index?page=content&id=KB19860&actp=search...
View ArticleUsing Traffic Selectors and an numberes ST-Interface
Hi, just a quick question:Is ist possible to use an numbered ST-Interace in combination with traffic-selectors, or has the st-interface to be unnumbered when I use traffic-selectors ? Normaly I am...
View ArticleIPsec scheduling or on-demand
The good:Via help from these forums I have a functioning IPec tunnel to an Amazon VPC. works great. The bad:I am paying 24/7/365 for this tunnel at 5 cents an hour. For three locations it totals $1314...
View ArticleSRX 1500 cannot use command "set network-management cluster-master"?
Hi All, Im try to use command "set chassis cluster network-management cluster-master" on SRX1500 with Junos ver 15.1XD40 but that command not available. Can someone have try it on other SRX1500? Thanks
View ArticleRe: SRX 1500 cannot use command "set network-management cluster-master"?
Just curious - are you trying to manage the SRX1500 in NSM? If so, this is not supported anymore. For Junos Space you do not need to set that configuration.
View ArticleRe: SRX 1500 cannot use command "set network-management cluster-master"?
Hi, Yes, i'm try to manage using Junos Space. But the issue i''m not use FXP0 for managment. Im just use inband as management but in Junos Space just can look node 0 only not node1 when i click at...
View ArticleRe: Interesting multi-subnet single LAN / DMZ disappearing issue.
Hi, I don't foresee any issues having 2 subnets on the same LAN.For instance, hosts on 2 different /24s will not be able to reach each other although connected on the same flat LAN. To reach the other...
View ArticleRe: Redundant Interface
But in reth interfaces, one interface is taken from the primary chassis and other is from the standby and both physical interfaces are combined into a reth group.But in Red interfaces in netscreen, 2...
View ArticleBranch SRX capacity numbers
Does anyone know the Branch SRX capacity numbers in terms of parameters like: maximum number of policy contexts, maximum number of policies per context, maximum number of IDS policies etc. This...
View ArticleRe: SRX 1500 cannot use command "set network-management cluster-master"?
Hi, If you are not using fxp0 then you do not have any active interfaces on the standby firewall. Routing daemon will not be active on the backup node and so you will not be able to reach it. I suggest...
View ArticleRe: IPsec scheduling or on-demand
Hi, By "on-demand" do you mean, you want the VPN to be UP only when you have interested traffic? If yes then you can use the command set security ipsec vpn vpn-name establish-tunnels on-traffic...
View Article