Using "source-identity" with "pass-through" firewall authentication
I am looking for a solution to an issue with the following config: policy MyPolicy1 { match { source-address any; destination-address MyAddress1; application any; source-identity any; } then { permit {...
IKE negotiation successful by not IKE SA nor phase 2 negotiation
Hi, I am setting up an IPsec tunnel with a partner on a SRX-5400 cluster running 15.1X49-D100.6, KMD log shows that IKE phase 1 is negotiated successfully, but there is no associated IKE SA created,...
SRX 1500 - HA Control Port
Hello Experts, Is there any way I can use one of the copper ports in the device as HA control port? I understand that there is a dedicated SFP port in the device for this purpose. Unfortunately the SFP...
IKEv1: Error: Timeout
Dear All, suddenly the site-to-site VPN is not working; I am getting the error message "IKEv1 Error: Timeout". I've checked that the IKE service is enabled on the untrust zone. I think the IKE service is not working on the firewall. Please...
NAT - Static Source vs. Static Destination
Hi all, could you please confirm if there is any difference between configuring Static Destination or Static Source NAT? I understood they would end up doing the same thing? Are there any important...
Difference in monitor interface command between physical interface and reth
Hi guys, on SRX1400 cluster active-standby I just noticed that: xe-0/0/9 up upxe-0/0/9.0 up up aenet --> reth2.0........xe-4/0/9 up...
VPN Configuration on SRX1500 issue
Hi, Because we are configuring an SRX1500 for IPsec VPN we are using the NCP client. We have a situation where the client connects, but in a strange way (FQDN Username does not equal XAUTH username but...
Packet mode in SRX high end or bypass security policy
There is a firewall filter to forward traffic to a forwarding instance: term 2 { from { source-address { 1.1.1.1/32; } destination-address { 0.0.0.0/0; } protocol tcp; destination-port [ 80 443 ]; }...
User Identification with active directory on SRX and Routing-Instance
Hi, I've some trouble configuring active-directory connection on one SRX. What about the other SRX without routing instance, same configuration NO problem. In this case with routing instance yes... I've...
Failover or BGP VPN between SRX (Site A) to SRX & SSG5 (at same site with...
We have a site-to-site VPN set up between SRX (Site A) and SSG5 (Site B), and now we have added one more SRX router at Site B (with same Intranet but different ISP Internet). Now I have to bring up one...
NDP, PC's Hot
Do too many static NDP entries increase CPU traffic? Is this the culprit? Srx240b2 11.47. Here is my config. My memory usage is 80% and more. NDP seems to make the memory usage higher by a lot. Some...
NDP, release it?
Is there an effect to removing an NDP entry, committing it, then releasing that ip? Can it be done in the srx? What are the implications?
Logs for shutdown or reboot
Hello everybody, I just want to configure logs on SRX320 to get the "shutdown" or "reboot" message; please help me out with the necessary config commands. Also what file size should be enough to keep logs...
Netscreen to SRX Juniper
Hi, could someone say if the migration tool used to migrate Netscreen Policies to SRX policies was decommissioned? I need to migrate Netscreen security policies to SRX security policies. Someone know some...
DHCP Server SRX345
Hi, I tried to configure a DHCP server on my Juniper SRX345, but DHCP doesn't distribute IPs, and I checked the logs: Juniper drops all packets. show dhcp server statistics Packets dropped: Total 1078...
SRX240H2 upgrade issue
I'm trying to upgrade my SRX240H2 to the latest firmware version (from 12.1X46-D65 to 12.1x46-D66) and I get this error: Extracting /var/tmp/junos-srxsme-12.1X46-D66.1-domestic.tgz ...Installing package...
Interface must be in the same routing instance as other interfaces in the zone
Hi, Please find below configuration and error message and suggest alternate way to achieve the requirement. Same configuration is working fine in packet mode. We are trying to configure the same in flow...
Alarm set: License color=YELLOW, class=CHASSIS, reason=1 Logical System...
Hello. I installed the new version of Junos R18.1 and I see this message in the log. Apr 11 09:35:52 r28 alarmd[2018]: Alarm set: License color=YELLOW, class=CHASSIS, reason=1 Logical System requires a...
SRX220-H Encrypted VPN on Serial PIM Interface
Hi, we have an issue where we have to upgrade our existing SRX220-H (not the HE model) so the inter site links are now encrypted but the customer wants to keep existing hardware and lines so the...
SSL PROXY SRX 320
Hello. I have new Junos R18.1 in my SRX300. I configured SSL Forwarding Proxy and it doesn't work. Log messages: Apr 11 12:28:23 r28 junos-ssl-proxy: SSL_PROXY_SSL_SESSION_DROP: lsys:root-logical-system...