Ex4200 switch trunking with vmware not working
Dear Team, We have setup like:Firewall => juniper s/w (Trunk) => juniper s/w new (trunk) => VMware machines We have three different subnet VMware machines connected through port ge-0/0/32 of...
View ArticleSRX-EX LLDP
Hi, I have 2 questions: 1. Why I can't view EX2200 directly connected to SRX210 through the "show lldp nei" command in SRX admin@SRX> show configuration | display set | match lldp set protocols...
View ArticleSecurity policies not passing traffic
We have an SRX100H2 that I'm trying to lock down. Basically, it's a branch VPN, and I only want to pass limited traffic thru the tunnel. I've set everything up (VPN, NAT, etc.), and traffic passes fine...
View ArticleAdding a XPIM to a SRX Cluster
Hello, Wondering if you could give me some advice! We currently have a SRX550 cluster within which Node 0 has an Ethernet Switch 16-port 10/100/1000Base-T XPIM and Node 1 does not, doh! I have another...
View ArticleAllow IP Protocols
Hi Guys, a Customer wants to allow IP Protocol 97 through his SRX.So I created an application like this: set applications application ip97 protocol 97 The Rule looks like this: from-zone Zone1 to-zone...
View ArticleHow to find out where an object is used?
HI everyone, Is there a way to find out where an object is being used? for example, search all the rules containing the object "server-1" or "192.168.5.2" ? Thanks !
View ArticleGoogle Drive
I have an SRX240 installed. I have default denys on both inbound and outbound. I run a Sophos WS500 internal to the SRX as the proxy and all users have to use the WS500 as their proxy. This means that...
View ArticleSRX cluster with routing instances
Hello all,I have a case where I have dual isp's, going into a clustered SRX pair. What I really want to do is setup some traffic (VoIP) to go out ISP1 during normal operation, and all other traffic to...
View ArticleSRX210 as a Cisco Router
Hi,I need to configure an SRX210 as a cisco router. In cisco its easy but in Junos i cant.I means use the srx like a Cisco 1801 series or TP-Link router, neutral router, OpenWRT...In Cisco router i...
View ArticleSRX won't allow users to select IKEv2 PRF
Hi, all, I struggled hours to bring up IKEv2 between SRX and Cisco ASA which we have no control of, SRX is the initiator, ASA side immediately returns "no proposal chosen" when IKEv2 is initiated from...
View ArticleNot able to learn MAC of RETH interface
Hi Guys,I have two nodes in cluster mode connected to a Cisco switch. I am able to see the ARP entry of Switch IP on my SRX but the Cisco switch show the ARP entry as Incomplete for SRX reth interface...
View ArticleConfigure srx240 to ISP
Deal All, I tried to configure srx240 to DIA circuit ISP with static IPs but faild. The srx is configured with the below configuration:set version 12.1X44-D35.5 set system host-name SRX240STV set...
View ArticleSRX decrypts packets not matching IPsec SA
Hi, I encountered a situation that may totally change my understanding of how IPsec works ..., I need you guys help to clear my doubts. Refer to the following topology: HostA(70.36.241.106) -----SRX...
View ArticleNAT64 on SRX 240H2 in Cluster
I am facing the following issue when I was setting up ipv6 NAT64 , VPN does not work when the below rule is enabled , I removed the below Static Nat statement and VPN started working again , here is...
View ArticleQuestion about routings!!
Hey guys, I need help! I need do a routing, but I don't understand but how made in Juniper SRX240... I have this scenary:ge-0/0/0 = ISP1 (5 WAN IP ONE GATEWAY)ge-0/0/1= ISP2 (4 WAN IP ONE...
View ArticleSRX220H2 upgrading fails
Hi Experts, I was trying to upgrade the SRX220H2 but getting the follwing error:root> request system software add /tmp/usb/junos-srxsme-12.3X48-D25.3-domestic.tgz no-validate no-copyWARNING: Package...
View ArticleSite-to-Site IPSec VPN Dropping at Soft Lifetime
Hey party people. We have a site-to-site IPSec tunnel running from an SRX-240 to a NetScreen. Recently (cause or change unknown), the VPN between the two systems has been dropping (and re-connecting)...
View ArticleTrack-IP on SRX? Gone, replaced, or outdated?
I appologize for asking this but everything I can find talks about chassis clustering (which is a nice feature but not what I am looking for). With ScreenOS, there was an ability to Track IP addresses...
View ArticleAdding SRX cluster into Security Director
Hello I am having hard time to add SRX cluster into Security Director. I am using SNMPV3. I can add only master SRX. For backup SRX, giving the error Junos Space is unable to query the device...
View Articleload sharing default routes vs rpm probe and ip monitor
I was kind of baffled by a S2J translation of two seperate default routes that combined into one.. Having two with seperate preferences was intended to work with track-ip, but now I'm not sure what it...
View Article