Channel: SRX Services Gateway topics

How to stop Mac Spoofing on Ex3200,srx240


Hi all, I need to know whether there is any IP safe guard command present in the Juniper EX3200 switch as well as in the SRX 240.


Rest API SRX300 standalone not working


Cannot seem to get the SRX300 to respond to REST API requests.

Jan 7 14:30:36 14:30:36.724600:CID-0:RT:pak_for_self: No handler function found for proto:6, dst-port:1025, drop pkt

# show system services rest
http {
    port 1024;
}
https {
    port 1025;
    server-certificate SELF;
}
enable-explorer;

Have tried using an IRB interface, a loopback, and a physical interface in the management zone.

The WebUI works on the same interfaces.

Is it possible to use the REST API without an FXP interface?

Dynamic VPN and multiple protected zones.


Hello.

I have an SRX320 set up with multiple internal zones (let's call them Zone1 to Zone9) and want to selectively allow traffic from my VPN clients to resources placed in those zones.

Yes, I saw KB23954 and KB23927, but some things are still not clear to me.

As I understand it, I should create a setup with one rule which causes the traffic to get encrypted and additional rules allowing traffic from the VPN client address range to my hosts in the protected zones. There are at least two questions that come to mind.

First - is there any priority for the zones? I mean, are there any criteria saying which of the zones I should use as the "catch-all" zone for the "permit tunnel" entry? Or can it be any of the zones?

And the second one - as I understand it, if I create the rule as described in the examples with "any/any" as src/dest, I effectively allow all traffic from the VPN clients to the whole zone, right? Can I then somehow limit the traffic? Or should I just create a fake zone to which I allow "all" traffic and filter all the remaining traffic using narrower rules? Or maybe I can just use a fake zone, allow some (virtually no) traffic, and then filter the remaining traffic selectively?

I think all my questions narrow down to "what's the importance of matching any/any in setting up a dyn-vpn tunnel, and why this particular zone and not any of the other ones - does it matter?"

I hope I didn't make this sound too confusing :-)

Best regards

MK

Member Loopbacks not communicating acorss Group VPN tunnel


Hi Guys,

I'm trying to set up a GVPN between two members and a key server. The IPsec tunnel establishes between the members and the key server and the policies are sent to the members as well, but the members cannot communicate. However, when the VPN is removed from the members, they can communicate.

Can't figure out where the problem lies. Would have thought it's a routing issue, but ping across members works without the tunnel active.

Setup:

Lo0.0 KS -> ge-0/0/0.0 KS -> Switch -> ge-0/0/0.0 M1 -> Lo0.0 M1

Lo0.0 KS -> ge-0/0/0.0 KS -> Switch -> ge-0/0/0.0 M2 -> Lo0.0 M2

Tests:

IPsec tunnel from KS to M1 and M2 is up

Pings from Lo0.0 M1 <-> Lo0.0 M2 work with tunnel deactivated!

Pings from Lo0.0 M1 <-> Lo0.0 M2 do not work with tunnel active!

root@hub-server# ...-vpn server ipsec security-associations
Group: GROUP-1, Group Id: 1
Total IPsec SAs: 1
IPsec SA      Algorithm           SPI       Lifetime
GROUP-1-SA    ESP:aes-256/sha1    3b835a98  2910

root@spoke-member-2# ...-vpn member ipsec security-associations
Total active tunnels: 1
ID          Server      Port  Algorithm           SPI       Life:sec/kb  GId  lsys
>133955594  172.16.3.1  848   ESP:aes-256/sha1    3b835a98  2833/ unlim  1    root
<133955594  172.16.3.1  848   ESP:aes-256/sha1    3b835a98  2833/ unlim  1    root

 

Attached are the configs.

 

Thanks.

 

Dynamic VPN with Pulse Desktop Client


Hi all!

 

Is there anybody who uses the latest Junos (15.1X49-D120) on the SRX3XX series and has dynamic VPN working with the latest Pulse Secure Desktop Client (5.3.4)?

I was following this guide https://www.juniper.net/documentation/en_US/junos/topics/example/vpn-security-dynamic-example-configuring.html with no success.

According to this forum thread https://community.pulsesecure.net/t5/Pulse-Desktop-Clients/Juniper-owners-how-to-get-client/td-p/9318 Pulse clients >= 5.2 should not work with SRX, but there is still an option to configure an SRX connection in the latest Pulse clients.

Traceoptions for ike and dynamic-vpn don't help. The firewall sends a TCP FIN immediately after the SSL Client Hello from the Pulse Client. The web interface of the firewall is accessible via HTTPS from the Internet and properly displays the message "Please obtain the Pulse Client from the Pulse Website". The firewall is using system-generated-certificate, but the Pulse Client does not even ask me to accept the untrusted certificate.

I am aware of the possibility to use the NCP client. I have already tested this option and it works fine. But our employees use the Pulse Client for regular VPN access with a MAG appliance and it wouldn't be convenient to buy and use another VPN client.

I would appreciate any suggestions.

Michal

How do I enable IPv6 IPs on Juniper SRX 240


I have been using my Juniper SRX 240 router for a while now and have been fine with just IPv4.

Now I want to be able to utilize IPv6.

So what I currently have now is IPv4 public IPs linked to private IPs on virtual servers.

Below is an example of my config in the viewer:

...
...
...
static {
    rule-set ruleset1 {
        from zone Internet;
        rule rule1 {
            match {
                destination-address 178.121.160.51/32;
            }
            then {
                static-nat {
                    prefix {
                        192.168.1.10/32;
                    }
                }
            }
        }
        rule rule2 {
            match {
                destination-address 178.121.160.52/32;
            }
            then {
                static-nat {
                    prefix {
                        192.168.1.20/32;
                    }
                }
            }
        }
        ...
        ...
        ...
    }
}
proxy-arp {
    interface ge-0/0/0.0 {
        address {
            178.121.160.51/32;
            178.121.160.52/32;
            178.121.160.53/32;
            178.121.160.54/32;
            178.121.160.55/32;
            178.121.160.56/32;
        }
    }
}
...
...
...

And so on and so on, but now I would like to do the same for IPv6. How do I do this? I use the CLI editor, so pasting the configuration is better than commands for me. Thanks for your help in advance.

 

Turning off TCP SYN checking


What are the drawbacks of turning off TCP SYN checking? Also, does it affect the operation of Screens in any way?

Thanks!

Problem of network after VLAN is divided.


I have a Huawei switch cabled to the Juniper firewall. Before the VLAN division, a PC plugged into any port could get to the Internet. After dividing into VLAN10 and VLAN20, what should be set up so that the PCs in each VLAN can connect to the Internet?


SRX 240 IPSEC Site-to-Site VPN Hairpinning


Hi Team,

Can you please let me know whether we can do IPsec VPN hairpinning on the SRX 240? If so, the link/examples please.

The scenario is that the tunnel enters the SRX and the tunneled traffic leaves the SRX on the same interface...

Thanks in advance

Jay

Logical tunnel, static route, policies and isis


Hi, it's me again.... apologies :)

I hope I explain what the issue is as best I can without a network diagram.....

I have a RADIUS server attached to the SRX via 2 connections. One connection is for normal PPP traffic and one connection is for communication ONLY to the other SRX. The SRX physical ports we can state as ge-0/0/2 for the PPP connection and ge-0/0/1 for the back-to-back. The connection to the data network will be ae2. I have created 3 routing instances and 2 logical tunnels as lt-0/0/0.1, .2, .3 and .4 (1 and 2 are peers and 3 and 4 are peers).... as per below:

Customer-VR - ae2, lt-0/0/0.1 and lt-0/0/0.3 (also within isis on the VR)

NineGroup-VR - ge-0/0/2 and lt-0/0/0.2 (also within isis on the VR)

NineGroupBTB-VR - ge-0/0/1 and lt-0/0/0.4 (also within isis on the VR)

I have created 3 zones called:

Customer-Network

NineGroup-DMZ

NineGroup-BTB

I have assigned the correct interfaces to the zones and have created the policies.

I wanted to check that we have data separation throughout the network with regards to routing, so I changed the NineGroup-BTB policies to only allow ping from one RADIUS BTB interface to the other RADIUS BTB interface. The ping fails, but the strange thing is as follows:

When I look at routing for the RADIUS 1 BTB interface address on the SRX that RADIUS 2 BTB is attached to, I see 3 routes.... 1 via the ae2 interface in the Customer-VR, one for the lt-0/0/0.1 interface in the NineGroup-VR and 1 for the lt-0/0/0.3 interface in the NineGroupBTB-VR... I have the static routes in place and am injecting them into isis.... why would I see access to the BTB address via both tunnels? If you want to have a look at the config on both devices then please let me know...... I will do my best to draw a diagram....

Internet connection drops after a few minutes


Hi,

Not sure if anyone can help.

We're in the process of configuring a new SRX 340 but have hit an issue whereby we can connect to an irb interface via a VLAN access port on the SRX, it works for a few minutes, i.e. we can get to the Internet, and then we get cut off. Cannot figure out why. It seems to allow us to ping the irb interface and we can also ping external IP addresses, however we cannot connect to websites, get DNS resolution etc.

We've been using irb.3 as a test interface (no filters applied - we thought these were the issue at first) via access ports configured on ge-0/0/1.0 and ge-0/0/2.0.

ge-0/0/0 is connected to our internal network whilst we test, hence its private IP address.

Hoping it's something obvious in the config.

Thanks,


## Last changed: 2018-01-12 15:56:43 GMT
version 15.1X49-D120.3;
system {
    host-name wz-lh-fw;
    time-zone GMT;
    root-authentication {
        encrypted-password "$5$BR4/d0Ea$CN08qUFy2bRC6vx/w5T/CZ0QJ7FM2Gxdw7La3uM4iBC";
    }
    name-server {
        8.8.8.8;
        8.8.4.4;
    }
    name-resolution {
        no-resolve-on-input;
    }
    login {
        user admin {
            uid 2002;
            class super-user;
            authentication {
                encrypted-password "$5$urejcMru$vn3DLO0PkdBkF3pNIARDAgwiaRh4svvrHnZxTpzUTvB";
            }
        }
    }
    services {
        ssh;
        telnet;
        xnm-clear-text;
        dhcp-local-server {
            group t101-dhcp {
                interface irb.1;
            }
            group t102-dhcp {
                interface irb.2;
            }
            group t103-dhcp {
                interface irb.3;
            }
            group t104-dhcp {
                interface irb.4;
            }
            group t105-dhcp {
                interface irb.5;
            }
            requested-ip-interface-match;
        }
        web-management {
            https {
                system-generated-certificate;
            }
        }
    }
    syslog {
        archive size 100k files 3;
        user * {
            any emergency;
        }
        file messages {
            any notice;
            authorization info;
        }
        file event-log {
            any any;
            archive files 1;
            structured-data;
        }
    }
    max-configurations-on-flash 5;
    max-configuration-rollbacks 5;
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
    ntp {
        server us.ntp.pool.org;
    }
}
security {
    log {
        mode event;
    }
    screen {
        ids-option untrust-screen {
            icmp {
                ping-death;
            }
            ip {
                source-route-option;
                tear-drop;
            }
            tcp {
                syn-flood {
                    alarm-threshold 1024;
                    attack-threshold 200;
                    source-threshold 1024;
                    destination-threshold 2048;
                    timeout 20;
                }
                land;
            }
        }
    }
    nat {
        source {
            pool generic-ext-ip {
                address {
                    192.168.240.177/32;
                }
            }
            rule-set generic-src-nat {
                from zone [ zone-t101 zone-t102 zone-t103 zone-t104 zone-t105 ];
                to zone internet;
                rule generic-src-nat {
                    match {
                        source-address 10.1.3.0/24;
                    }
                    then {
                        source-nat {
                            interface;
                        }
                    }
                }
            }
        }
        proxy-arp {
            interface ge-0/0/0.0 {
                address {
                    192.168.240.177/32;
                }
            }
        }
    }
    policies {
        from-zone zone-t101 to-zone internet {
            policy t101-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone zone-t102 to-zone internet {
            policy t102-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone zone-t103 to-zone internet {
            policy t103-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone zone-t104 to-zone internet {
            policy t104-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
        from-zone zone-t105 to-zone internet {
            policy t105-out {
                match {
                    source-address any;
                    destination-address any;
                    application any;
                    source-identity any;
                }
                then {
                    permit;
                }
            }
        }
    }
    zones {
        security-zone internet {
            interfaces {
                ge-0/0/0.0 {
                    host-inbound-traffic {
                        system-services {
                            dhcp;
                        }
                    }
                }
            }
        }
        security-zone zone-t101 {
            interfaces {
                irb.1 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone zone-t102 {
            interfaces {
                irb.2 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone zone-t103 {
            interfaces {
                irb.3 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone zone-t104 {
            interfaces {
                irb.4 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        security-zone zone-t105 {
            interfaces {
                irb.5 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.240.176/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan-t103;
                }
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family ethernet-switching {
                interface-mode access;
                vlan {
                    members vlan-t103;
                }
            }
        }
    }
    ge-0/0/7 {
        unit 0 {
            family ethernet-switching {
                interface-mode trunk;
                vlan {
                    members [ vlan-t101 vlan-t102 vlan-t103 vlan-t104 vlan-t105 ];
                }
            }
        }
    }
    fxp0 {
        unit 0 {
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
    irb {
        per-unit-scheduler;
        unit 1 {
            family inet {
                filter {
                    input std-bw-limit-out;
                    output std-bw-limit-in;
                }
                address 10.1.1.1/24;
            }
        }
        unit 2 {
            family inet {
                filter {
                    input std-bw-limit-out;
                    output std-bw-limit-in;
                }
                address 10.1.2.1/24;
            }
        }
        unit 3 {
            family inet {
                address 10.1.3.1/24;
            }
        }
        unit 4 {
            family inet {
                filter {
                    input t104-bw-limit-out;
                    output t104-bw-limit-in;
                }
                address 10.1.4.1/24;
            }
        }
        unit 5 {
            family inet {
                filter {
                    input std-bw-limit-out;
                    output std-bw-limit-in;
                }
                address 10.1.5.1/24;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop 192.168.240.1;
    }
}
protocols {
    l2-learning {
        global-mode switching;
    }
}
class-of-service {
    forwarding-classes {
        queue 4 rl-30m;
    }
    interfaces {
        irb {
            unit 3 {
                scheduler-map cos-map;
            }
        }
    }
    scheduler-maps {
        cos-map {
            forwarding-class rl-30m scheduler rl-30m-scheduler;
        }
    }
    schedulers {
        rl-30m-scheduler {
            transmit-rate {
                30m;
                exact;
            }
            priority low;
        }
    }
}
firewall {
    family inet {
        filter std-bw-limit-out {
            term 1 {
                from {
                    destination-port dhcp;
                }
                then accept;
            }
            term 0 {
                from {
                    source-address {
                        10.1.1.0/24;
                        10.1.2.0/24;
                        10.1.3.0/24;
                        10.1.5.0/24;
                    }
                }
                then {
                    policer policer-30mb-out;
                    accept;
                }
            }
        }
        filter std-bw-limit-in {
            term 0 {
                from {
                    destination-address {
                        10.1.1.0/24;
                        10.1.2.0/24;
                        10.1.3.0/24;
                        10.1.5.0/24;
                    }
                }
                then {
                    policer policer-30mb-in;
                    accept;
                }
            }
        }
        filter t104-bw-limit-out {
            term 1 {
                from {
                    destination-port dhcp;
                }
                then accept;
            }
            term 0 {
                from {
                    source-address {
                        10.1.4.0/24;
                    }
                }
                then {
                    policer policer-10mb-t104-out;
                    accept;
                }
            }
        }
        filter t104-bw-limit-in {
            term 0 {
                from {
                    destination-address {
                        10.1.4.0/24;
                    }
                }
                then {
                    policer policer-10mb-t104-in;
                    accept;
                }
            }
        }
        filter rl-30m-traffic {
            term default {
                then {
                    forwarding-class rl-30m;
                    accept;
                }
            }
        }
    }
    policer policer-30mb-in {
        if-exceeding {
            bandwidth-limit 30m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer policer-30mb-out {
        if-exceeding {
            bandwidth-limit 30m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer policer-10mb-t104-in {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer policer-10mb-t104-out {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer policer-10mb-t201-in {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 625k;
        }
        then discard;
    }
    policer policer-10mb-t201-out {
        if-exceeding {
            bandwidth-limit 10m;
            burst-size-limit 625k;
        }
        then discard;
    }
}
access {
    address-assignment {
        pool t101-dhcp-pool {
            family inet {
                network 10.1.1.0/24;
                range t101-dhcp-range {
                    low 10.1.1.10;
                    high 10.1.1.254;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.1.1.1;
                    }
                }
            }
        }
        pool t102-dhcp-pool {
            family inet {
                network 10.1.2.0/24;
                range t102-dhcp-range {
                    low 10.1.2.10;
                    high 10.1.2.254;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.1.2.1;
                    }
                }
            }
        }
        pool t103-dhcp-pool {
            family inet {
                network 10.1.3.0/24;
                range t102-dhcp-range {
                    low 10.1.3.10;
                    high 10.1.3.254;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.1.3.1;
                    }
                }
            }
        }
        pool t104-dhcp-pool {
            family inet {
                network 10.1.4.0/24;
                range t102-dhcp-range {
                    low 10.1.4.10;
                    high 10.1.4.254;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.1.4.1;
                    }
                }
            }
        }
        pool t105-dhcp-pool {
            family inet {
                network 10.1.5.0/24;
                range t102-dhcp-range {
                    low 10.1.5.10;
                    high 10.1.5.254;
                }
                dhcp-attributes {
                    name-server {
                        8.8.8.8;
                        8.8.4.4;
                    }
                    router {
                        10.1.5.1;
                    }
                }
            }
        }
    }
}
vlans {
    vlan-t101 {
        vlan-id 101;
        l3-interface irb.1;
    }
    vlan-t102 {
        vlan-id 102;
        l3-interface irb.2;
    }
    vlan-t103 {
        vlan-id 103;
        l3-interface irb.3;
    }
    vlan-t104 {
        vlan-id 104;
        l3-interface irb.4;
    }
    vlan-t105 {
        vlan-id 105;
        l3-interface irb.5;
    }
}

ip-monitoring not failing back


When my target IP goes down, the route fails over the way it should, but it does not come back after the target IP is up again.

Can anyone see what is wrong here?

probe INET-UP {
    test TargetIP {
        target address xxx.117.108.194;
        probe-count 3;
        probe-interval 15;
        test-interval 10;
        thresholds {
            successive-loss 3;
            total-loss 3;
        }
        destination-interface ge-0/0/0.0;
        next-hop xxx.191.127.233;  /* upstream router of primary Internet connection */
    }
}

policy INET-UP-MON {
    match {
        rpm-probe INET-UP;
    }
    then {
        preferred-route {
            route 4.2.2.2/32 {
                next-hop 192.168.0.2;
            }
            route 0.0.0.0/0 {
                next-hop 192.168.0.2;
            }
        }
    }
}

How do I add multiple IPv4 address blocks assigned to my SRX 240?


I have been using 1 IPv4 address block for a while.

Now I have been provided another IPv4 address block and need to configure it on my SRX240.

How do I do that?

Here is what I have so far relating to the current public IPv4 address block:


interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 181.140.121.98/27;
            }
        }
    }
...
...
routing-options {
    static {
        route 0.0.0.0/0 next-hop 181.140.121.97;
    }
}
...
....
nat {
    source {
        rule-set nsw_srcnat {
            from zone [ Internal Internal2 ];
            to zone Internet;
            rule nsw-src-interface {
                match {
                    source-address 0.0.0.0/0;
                    destination-address 0.0.0.0/0;
                }
                then {
                    source-nat {
                        interface;
                    }
                }
            }
        }
        inactive: rule-set dyn-vpn-ruleset {
            from zone Internet;
            to zone Internal;
            rule rule1 {
                match {
                    source-address 192.168.1.0/24;
                }
                then {
                    source-nat {
                        pool {
                            dyn-pool;
                        }
                    }
                }
            }
        }
    }
    static {
        rule-set ruleset1 {
            from zone Internet;
            rule rule1 {
                match {
                    destination-address 181.140.121.100/32;
                }
                then {
                    static-nat {
                        prefix {
                            192.168.1.10/32;
                        }
                    }
                }
            }

So in the above, the IPv4 block is a /27 with ISP gateway 181.140.121.97 and SRX240 IP 181.140.121.98.

But now I have been given another /25 IPv4 block that I need to add so I can add static NAT rules as well:

/25

gateway 121.45.21.129

netmask 255.255.255.128

How do I do this?

What lines of config do I need to add to the above to make this work?


Security policies - Specific applications


Hi

A quick-to-answer question - I'm sure....

If I am crafting policies, which I am..... and I have specific applications and UDP/TCP ports that are not listed under the "applications ?" section during the "set" statement, how do I create these bespoke ports and applications please?

SRX Randomly Powering Off


Hello,

I have an issue I am trying to diagnose with my 2 SRX devices running in an HA cluster. Occasionally, maybe once a month, one of the two SRXs will just be completely powered off when I come into the datacenter. The UPSs they are connected to (each to a different UPS) show no power interruptions or issues. They are both SRX 1500 branch devices running Junos 17.3R1.10.

Has anyone else ever seen this behavior and know of a cause? The device powers back on and works fine from that point on, but I need to get to the bottom of the problem. I haven't found anything that indicates a configuration or hardware issue, but then again I don't know 100% how to check. I am working with JTAC, but so far they haven't provided anything particularly useful.

Thank you!


VPN Traffic selector issue multiple subnets


Hi,

 

I had a VPN up between 2 sites all working fine. I now need another subnet on each of my SRXs to communicate via the VPN. I have added traffic selectors for all combinations, but when I apply them, only the original networks communicate.

Site A  192.168.30.0/24 192.168.13.0/24
Site B  192.168.20.0/24 192.168.12.0/24

As an example, 192.168.30.10 can communicate with 192.168.20.10 without issue.
But 192.168.30.10 fails to communicate with 192.168.12.10.

Any combination site to site involving 192.168.13.0/24 & 192.168.12.0/24 does not work.

Below is an example of the config from one of the sites; the other side is identical but with the IPs reversed.

vpn site-to-site {
    bind-interface st0.1;
    ike {
        gateway site_to_site;
        ipsec-policy site_to_site;
    }
    traffic-selector t1 {
        local-ip 192.168.30.0/24;
        remote-ip 192.168.20.0/24;
    }
    traffic-selector t2 {
        local-ip 192.168.30.0/24;
        remote-ip 192.168.12.0/24;
    }
    traffic-selector t3 {
        local-ip 192.168.13.0/24;
        remote-ip 192.168.20.0/24;
    }
    traffic-selector t4 {
        local-ip 192.168.13.0/24;
        remote-ip 192.168.12.0/24;
    }
}

 

Group VPN - Member Loopbacks not communicating across tunnel


Hi Guys,

I'm trying to set up a GVPN between two members and a key server. The IPsec tunnel establishes between the members and the key server and the policies are sent to the members as well, but the members cannot communicate. However, when the VPN is removed from the members, they can communicate.

Can't figure out where the problem lies. Would have thought it's a routing issue, but ping across members works without the tunnel active.

Setup:

Lo0.0 KS -> ge-0/0/0.0 KS -> Switch -> ge-0/0/0.0 M1 -> Lo0.0 M1

Lo0.0 KS -> ge-0/0/0.0 KS -> Switch -> ge-0/0/0.0 M2 -> Lo0.0 M2

Tests:

IPsec tunnel from KS to M1 and M2 is up

Pings from Lo0.0 M1 <-> Lo0.0 M2 work with tunnel deactivated!

Pings from Lo0.0 M1 <-> Lo0.0 M2 do not work with tunnel active!

root@hub-server# ...-vpn server ipsec security-associations
Group: GROUP-1, Group Id: 1
Total IPsec SAs: 1
IPsec SA      Algorithm           SPI       Lifetime
GROUP-1-SA    ESP:aes-256/sha1    3b835a98  2910

root@spoke-member-2# ...-vpn member ipsec security-associations
Total active tunnels: 1
ID          Server      Port  Algorithm           SPI       Life:sec/kb  GId  lsys
>133955594  172.16.3.1  848   ESP:aes-256/sha1    3b835a98  2833/ unlim  1    root
<133955594  172.16.3.1  848   ESP:aes-256/sha1    3b835a98  2833/ unlim  1    root

 

Attached are the configs.

 

Thanks.

 

SRX 5600 and 5800 Difference in Session Count


We recently upgraded our gateway firewall from an SRX5600 to an SRX5800 and, with no increase in traffic, we have noticed that the total CP session count has almost doubled. Is there a difference in the way the SRX 5600 and 5800 record their sessions?

> show snmp mib walk jnxJsSPUMonitoringCurrentTotalSession
jnxJsSPUMonitoringCurrentTotalSession.0 = 62514477

SRX 650 and " IP PIM SPARSE MODE Register message"


Hi everyone.

Is there any way we can see the contents of the Register message sent by the SRX when acting as FHR in PIM sparse mode?

Appreciated!!

Port Forwarding


I need to set up port 9001 to be allocated for remote access. Is there a way to do this through the CLI or the Junos Web Device Manager? Thanks!
