Re: log traffic for the default deny policy not working
Hi Anand Ive added it , still not getting anything logged in any of the policy .... from-zone Internet to-zone junos-host { policy deny-junos { match { source-address any; destination-address any;...
View ArticleRe: Just for my understanding -> chassis cluster Active/Active
Hello, If Breaking that local network into two subnets is possible then yes. This is as good as having two local lans & two ISPs.But without breaking the network, all the traffic will come on one...
View ArticleRe: Just for my understanding -> chassis cluster Active/Active
perfect, thanks for your explantation. Christoph.
View ArticleClik here to view.
Re: log traffic for the default deny policy not working
Hi Anand Here is the latest config im using , same behaviors syslog { archive size 100k files 3; user * { any emergency; } file messages { any critical; authorization info; } file interactive-commands...
View ArticleRe: Unable to ping default gw from SRX240 cluster Node0 using fxp0
{primary:node0}Test@SRX240-SNC-CLUSTER-NODE-0> show chassis cluster statusMonitor Failure codes: CS Cold Sync monitoring FL Fabric Connection monitoring GR GRES monitoring HW Hardware monitoring IF...
View ArticleHow do I filter out certain messages from logs using regular expressions
Good morning guys, I'm having a hard time trying to figure this out. Long story short, I've got a few policies in place with logs enabled. I then have a few sets of refinements on the logs to keep...
View ArticleRe: SRX Session Analyzer based on Perl
Can you please email me the script at pparikh@juniper.net?BugHunter wrote:The following perl code is free to modify and use to analyze SRX session dump, which can be collected by "show security flow...
View ArticleRe: How do I filter out certain messages from logs using regular expressions
For what it's worth, I also tried: match "!(.*junos-dns-udp.*)|.*trust-to-untrust"; Which writes the results of other policies (IE: untrust-to-DMZ), but neither junos-dns-udp or trust-to-untrust.
View ArticleRe: log traffic for the default deny policy not working
**update Ok so looks like it IS logging but only for port 2222 ( which i have NAT for ) Aug 22 14:55:39 srx210 RT_FLOW: RT_FLOW_SESSION_DENY: session denied 190.182.192.226/53486->1.1.1.1/2222...
View ArticleRe: Unable to ping default gw from SRX240 cluster Node0 using fxp0
Hi,Can you provide the routing and forwarding table inet.0 for the SRX:show route table inet.0 show route forwarding-table family inetCheers,Ashvin
View ArticleRe: log traffic for the default deny policy not working
Hi egawd, I agree. Because in the flow the SRX does not have any action defined under NAT. It either translates if the traffic matches a rule or it doesnt. The Allow/Deny action comes under the policy....
View ArticleRe: log traffic for the default deny policy not working
Adding to this:- Can you share your source and destination IPs used in this transaction and the corresponding routing? I want to ensure that this is not getting dropped at any other stage apart from...
View ArticleClik here to view.
Re: log traffic for the default deny policy not working
Hi AnandRight now its the most basic setup ; i mean i cant get this to work so i wont complexify it Internet ----> srx --------> lan So for instance i do a telnet or ssh on port 999 ( any random...
View ArticleRe: Failover and PBR / FBF on SRX
Hi Rushi, No, i using 1 forwarding instance only for LAN Segment to go to 2nd-dary link. And others using inet.0And yes , rib-groups are working fine for inet.0 and forwarding instance. I have tried to...
View ArticleSRX 300 - DHCP subsystem not running
I can't seem to get DHCP to work on the new SRX 300. The error I get is “dhcp subsystem not running”… I gather there's two ways of doing it, the old SRX100 method and a new one (see below) Is there a...
View ArticleRe: SRX 300 - DHCP subsystem not running
Hello, Can you post the complete error message?Which command you are attempting to run when the error message appears?I am assuming that there is no issue with committing the configuration. Regards, Rushi
View ArticleRe: SRX 300 - DHCP subsystem not running
Hi, The error possibly indicates the dhcp daemon not running.Maybe you could try restarting it:restart dhcp-service gracefullyor "restart dhcp gracefully".Cheers,Ashvin
View ArticleRe: SRX 300 - DHCP subsystem not running
ASAIK, on 15.1 we dont have old dhcp, its the new jdhcp and your configuration is also for new jdhcp model. Can you run below commmand to confirm if JDHCP is running? root# run show system processes...
View ArticleRe: SRX 300 - DHCP subsystem not running
you may also remove the vlan.1 from DHCP configurations.
View Article