Re: How to find newly created session from logs?
Thank you I have attached a log.One is "show security flow session summary"result and the other is "show security monitoring fpc 0" result.The results were like that. user> show security flow...
View ArticleRe: log traffic for the default deny policy not working
Add session-close to the global policy. As best practice, always try to add session-close option at the end of a deny policy. Session-init would only show traffic for session initiated but won't show a...
View ArticleRe: How to find newly created session from logs?
The session creation per second is usually taken every 96 seconds and it may be possible that no new session was created in the space of 96 secs. I checked on my home SRX and saw very similar...
View ArticleRe: log traffic for the default deny policy not working
egawd, Can you add a deny policy with logging for the following context? From-Zone Internet to-zone junos-host Regards,AnandPlease Mark My Solution Accepted if it Helped, Kudos are Appreciated too
View ArticleFailover and PBR / FBF on SRX
Hi Folks, Currently we are using 2 SSG5-SH to do link failover between 2 Office using 2 MPLS Provider.I've configured IP Tracking and PBR for specific LAN Segment also.We have plan to replaced those...
View ArticleRe: log traffic for the default deny policy not working
I don't see anything wrong in your configuration. This is similar to what I have. I will lab your configuration and get back to you.
View ArticleSRX and failover behavior
Hi, If I have a pair of SRX3400 (running active/standby) with physical connectivity similar to the diagram below. If I have configured all data interface to redundancy group 1, and also configured...
View ArticleRe: SRX and failover behavior
I think this is a not supported scenario. You have 4 AE interfaces configured for 1 reth (reth1),we need only 2 ae . Please refer to KB22474 to understand the supported...
View ArticleSRX100 boot problem
hello, SRX100 isnt booting up (status LED is orange), it sends me to u-boot automatically and i cant do anything from there. here is the output may need to detect problem or advice me what can i check...
View ArticleRe: Failover and PBR / FBF on SRX
Hello, Are you using 2 Forwarding instance but keeping the two ISP facing interfaces on inet.0 (default router)?And are you using 'rib-groups' to populate interface routes between two forwarding...
View ArticleRe: SRX and failover behavior
Hi, ______________________________________________________________________________________________also configured interface monitoring for all the data interface which will trigger a failover if any...
View ArticleRe: SRX and failover behavior
Hi Suraj, Both switches are actually running as single virtual chassis, hence the VC will only configure one AE to each unit of Firewall. The diagram is actually borrowed from this link....
View ArticleRe: SRX and failover behavior
Hi Ashvin, I have responded to Suraj to clarified on the scenario, and also to address on your query. Regards
View ArticleRe: SRX and failover behavior
Hi, IMO, with EX in VC and MC-LAG configuration this would be supported as well since the priniciple mentioned before is being obeyed.With weight of 255 for each individual interface and losing one of...
View ArticleCommand to verify licensed install on Cluster?
Hi all, is there any one know what command need to execute to see licensed install on both cluster without enetering the node 1? Thanks and appreciate some one feedback
View ArticleRe: Command to verify licensed install on Cluster?
Hello, I do not recollect if there is any command to get node 1 license information from node 0.However you can use below commands to enter to node 1 from node 0 to get necessary output. ** operational...
View ArticleJust for my understanding -> chassis cluster Active/Active
Hi guys, just a question for my understanding.When using an SRX in chassis-cluster mode and want an active/active-usage then I will need to put reth1 in RG1 and reth2 in RG2. Lets say reth1 is...
View ArticleRe: Just for my understanding -> chassis cluster Active/Active
Hello, If you have one local LAN & one ISP, then active/active is not possible.Production traffic travelling over Fabric link should be avoided as much as possible. Regards, Rushi
View ArticleRe: Just for my understanding -> chassis cluster Active/Active
Hello, thanks for your fast reply.and if I have one local subnet and two ISPs ... can I use in this scenario active/active-cluster for load-balanncing-purposes ? Christoph.
View Article