Exempt Security Scanner from Screen Options
Is there way to exempt a vulnerability scanner from screen options? I see that the syn-flood option has a specific white list, however I am looking for something with a more blanket approach....
View ArticleVPN Phase 2 help
Dear Community, Background:- An existing IP SEC VPN with Phase 1 and 2 is already configured and is working without any issues. - The remote site would like to access a server on our local site.-...
View ArticleCannot make any config changes - help!
Hi there, We made a change on our SRX240 firewall this morning which is simply to update the public ssh key for a system user. When committing the change, we got the error below: node0:configuration...
View ArticleFAB Port Communication in a Cluster
Hi, Just a general question really, for information purposes:- Under what conditions would a FAB port start sending updates to the standby? Only the FAB port..... not a general chassis failure. Am I...
View ArticleHas trouble with failover on SRX650-cluster
Hello! I have cluster on SRX650 in mode active-standby.Manual management of failover works fine.But if i detach interfaces physically - i have a problem.Preemption is off.Example: node0 - primary,...
View ArticleSource identity authentication timeout
Hi all.This is my problem:I authenticate internet traffic by 2 ldap server as shown below.My problem is: when users lock their workstation, after some hours they are anymore authenticated.They need to...
View ArticleClik here to view.
Cross-Connect between Switches and SRX-Cluster
Hi all,we want to achive this scenario :This picture was taken of the SRX550 Datasheet.We want to have this on a SRX345-Cluster.So in the beginning, we will need to have a reth-interface with 4...
View Articlepacket mode on SRX and traffic inspection.
HI everyone Let say we have SRX, for one specific src ip abd destination ip pair, we want to use packet forwarding mode, my question is this traffic still get inspected for malware, virus etc? or in...
View ArticleClik here to view.
1-to-1 NAT setup to untrust /24?
I have a setup like this:I have the ge0/0/1.x NAT set up for each respective VLAN, but I want each VLAN to route to it's own public static in the /24. I'm used to Linux where you'd just create 0:0, 0:1...
View ArticleSRX240 setup problems
I am a novice at JunOS and am just getting my feet wet in setting up this SRX240 device. I got past the first stumble which was the device not running JWeb until a root password was set, and now have...
View ArticleSTATIC NAT rules evaluations on SRX
Hi everyone,Let say we have following static nat config;SRX ge1/1/1-----(EXTERNAL ZONE)set security nat static nat rule-set TEST from zone EXTERNALset security nat static nat rule-set TEST rule R1...
View ArticleFirst time Hands on SRX, things to know before purchasing
I picked up my jncia a couple years back. I have always been more interested in juniper than cisco, and would like to pursue juniper further. I want to buy a SRX110/220/320 for my home, and install it....
View ArticleVirtual Router, VPN IPSec routing problem ?
Hello, I have a SRX100 with, at start, a IPSec tunnel established and fonctionnal (LAN ; 192.168.88.0/24 on fe-0/0/0.0, remote LAN ; 10.200.0.0/16 using ISP1 on fe-0/0/6.0). Now, I'm adding virtual...
View ArticleIs there any other way to see the IDP signature protected?
Hi all, Can someone advise me if have any other method can see pattern detail that protected ad per below output? srx5600> show security idp attack detail HTTP:APACHE:HTTPD-MOD-CACHE-DOSDisplay...
View ArticleCan someone confirm whether IDP Signature update this threat?
Hi all, Appreciate if someone can pointing which IDP Signature is use to protect attack as below. I'm already search but not found it. CVE-2018-2628 Oracle Weblogic Critical Vulnerability Thanks and...
View ArticleSRX Layer2 ISP handoff while still allowing the core router out?
I hope that this is a softball question, but I'm stuck at the moment and could use some pointers.I have an SRX1500, it is connecting to an ISP with a /28 range. This unit will not be my primary...
View Articlecan't ping to 8.8.8.8 from source interface
I confused what i'm wrong.I can ping 8.8.8.8 successful but when I try to add source interface, It doesn't work. All policies are permited and route table is correct.Please see the configuration and...
View ArticleProblem SkyATP enrolling and configuration
Hi,on different days I try to destroy my head on these things and configuration about SkyATP-PolicyEnforcer configuration.Starting with order, SkyATP. I try to enrol one vSRX with these charatteristic:...
View ArticleSRX 1500: Warning while committing the changes
Hello Experts, I am gettting this warning message while I try to commit any change. Can you please advice me how to avoid this? warning: L2 global mode is switching mode, please add an interface in...
View ArticleSRX Enhanced Web Filter Categories Descriptions
Is there any way to see what websites or what each built in "Enchanced" category contains within EWF ? My reason is 2 fold, the first being just my curiosity and second, I cannot get the filter to...
View Article