Re: log traffic for the default deny policy not working
Hi Yes i had read about the need for session-init , so had turned it onI aslo have a rule denying Internet -> junos I have attached a fresh copy of my running config , still not logging anything...
View ArticleRe: SRX 240 hairpin nat not working
Problem solved. On destination nat was not permited vpt zone.
View ArticleRe: log traffic for the default deny policy not working
Thanks for the update. Can you share the "show route" output for the source IP and Destination IP for which the traffic logs are not generated?
View ArticleRe: How to configure IPSec RemoteVPN on new branch SRX?
Hi Please see below thread. https://forums.juniper.net/t5/SRX-Services-Gateway/Can-SRX-series-work-with-Shrew-Soft-VPN-client/td-p/76176 Regards,Anand
View ArticleRe: No proposal chosen
thanks a lot for your helpdid change the thins you've mentioned, but result is next: [Aug 25 10:53:26]ikev2_packet_allocate: Allocated packet d88800 from freelist[Aug 25 10:53:56]P1 SA 4357381 timer...
View ArticleSRX 210HE to SSG550 VPN Tunnel
Hi All, One of our site firewall is replaced from netscreen to SRX210. The tunnel is up and both LAN side users can ping each others. Recently, SRX210 users request to reach other side DMZ server. I...
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
Hello, Can you set following filters & provide the output of the 'get db stream' command on netscreen? set ff src-ip <IP behind SRX> dst-ip <IP dehin SSG on DMZ>set ff src-ip <IP...
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
The netscreen firewall is in production. Will it cause any impact if I execute the debug command?How can I stop it? Many Thanks
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
Hello, As long as your flow filters are accurate & narrow, it should not cause any production impact. Regards, Rushi
View ArticleRe: SRX Latency Inquiries
Will you kindly help me in finding the latency value for Juniper SRX1500 firewall.
View ArticleSRX DHCP Client with auth
Hello, I'm trying to bypass a Orange Livebox (French ISP) by a Juniper SRX320.It seems to be working with DHCP, but I need to specify auth on the interface. I have a username and a password and they...
View ArticleRe: No proposal chosen
thanks a lot!problem is solved.did it as it written in article by link above.only one change - ike version v2-only to version v1-only
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
Hi Rushi, You can refer to the attachment. The source is from 192.168.193.1(trust) to 172.16.0.20(dmz). Many Thanks,Kay
View ArticleRe: SRX650-Failed Session
When the session table is full it will generate an alarm log message. You can confirm the table was full by searching for these in your syslog. Flow session table full
View ArticleRe: SRX DHCP Client with auth
The SRX only supports pppoe authentication on models using the dsl modem card and not on ethernet interfaces. You will need to put the carrier device into bridge mode or get a bridge only modem from...
View ArticleRe: No proposal chosen
Thanks for the update. I'm surprised that ikev2 did not work but glad you have the connection up and running.
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
On the SSG the zone selection for firewall policy match is based on the routing table. So the policy untrust to trust is selected because the route to the destination address is to an interface in...
View ArticleRe: SRX650-Failed Session
Thank you vary much! I am a very biginner about network devices , so could you kindly show me how to find table status from syslog?
View ArticleRe: screen settings for SSYN flood protection on SRX240
Correct, before I tweaked the screen settings, the attack would max out the session count. During the attack, the session count stays normal, so that part is working as expected. My test is running a...
View ArticleRe: SRX 210HE to SSG550 VPN Tunnel
How can i fix it? The traffic can reach to DMZ when the trust <> trust tunnel is down.
View Article