Example of granular traffic control in dynamic VPNs
Hi everybody,I just wanted to share little implementation of dynamic vpns on the branch SRX cluster that I did lately.The case here was to have granular control over to what services and subnets...
View ArticleClik here to view.
vSRX IPv4/IPv6 - Example needed
Hi everybody, could you give me an example how to realize my drawing?I want to play with IPv6 but unfortunately my Provider has only IPv4...I don't have access to the Devices in light blue. Do I need...
View ArticleIs an SPC card failure graceful?
Dear all, Just wondering if anyone has any experience of an SPC card failure in a high end (3400) standalone SRX? Just wondering if the effect is essentially reduced capacity until the card is...
View ArticleHow to configure dual ISP balancing with failover?
Hi everyone, First of all, sorry for my bad english, I hope to explain well... I have 2 ISP links in my SRX220 and I need to have balancing between those links, and when some of the links falls, all...
View ArticleSRX100 meltdown...
Good morning.This just started happening to me with 1 of my SRX100's (brand new, H2, etc.) It has 1 ipsec tunnel, NAT, nothing special that an SSG5 can't do. But it comes with the added benefit of...
View ArticleRouting-Problem on SRX240
Hi, I have a strange behavior on our SRX240.We have setup several Site-toSite-VPNs (policy-based) and we are using the dynamic VPN (only with Pulse-Client).The Tunnels work fine. The Problem is, that...
View Article[HELP] need help to setup VLAN tagging
So basically i have an HP server that comes with iLO dedicated port, but i only have 1 network port to use so i want to be able to use that 1 network port to use as in/out network traffic and also iLO...
View Articlehost-outbound-traffic by interface
Hi all,My current Internet connection to ISP is a VLAN trunk link including two VLANs. My SRX need to get IP addresses from these two VLANs with DHCP. ISP requires all traffic in one VLAN must have...
View ArticleJunos Space cannot discover SRX chassis cluster using SNMPv3?
Hi All, Below is the minimum configuration SNMPv3 on my SRX. As i know on Junos Space or NMS the info that "bold" as per below need to match right between SRX and NMS. But the problem now Juos Space...
View ArticleDual ISP - First VPN drop causes Second VPN drop
On SRX240, there are two separate ISP each with static IP. Other end has two different static IPs. In normal operation there are two separate tunnels up, BGP fills routing table with routes over both...
View ArticleBridge tagged logical interfaces
Hi all,I am using SRX 220 as gateway to ISP. Two VLANs from ISP are terminated as a L3 logical interfaces as below:ge-0/0/0 { per-unit-scheduler; vlan-tagging; encapsulation flexible-ethernet-services;...
View Article[ipv6] proxy-ndp without nat?
Hi - My ISP provides myself with a "flat" /48 ipv6 subnet (not routed). I have assigned an IP/64 to the "untrust" interface of my SRX240 (junos 12.1X47-D25.4) and set the default gateway. I can ping6...
View ArticleSRX Sub-Interface Not sending ARP requests out
Hey Team, Looking for your assistance with a weird issue we are having on our SRX3400 Chassis Cluster. Environment: SRX3400 Chassis Cluster - 12.1X46D40.2 (JTAC Recommended) Issue: We upgraded this...
View ArticlePlease Help with SRX550 Routing between Amazon and ISP
Hello, I'm not a JunOS expert but learning fast, if you could assist I would be greatly appreciated. I setting up an SRX550 to be the gateway for our office to route traffic between ISP and AWS. We...
View ArticleClik here to view.
zone_id vs name
Hi, Making a traceoption under security alg, we've received output, which is not clear. Is there any possibility how to recognize the relation between the (src_\dst_)zone_id with its canonical name....
View ArticleBroadcast Vlan
Hi, I have created 4 vlans in a network. however there is a device that it is transmitting broadcast traffic in a Vlan but I want that this traffica can reach the others Vlans. can I do it?? I have...
View ArticleSRX logs in Wireshark
It would be very useful if set security flow traceoptions had an option to save the file in a format readable in Wireshark.
View ArticleAutomatically generated static route for route-based site-to-site IPsec VPN
Hi, I have a route based IPsec VPN to a customer, assume the traffic-selector is 1.2.3.4/32 to 5.6.7.8/32, the vpn is bound to st0.1, when the vpn comes up, a static route to 5.6.7.8/32 is...
View ArticleClik here to view.
Single zone application firewall don´t work SRX210HE2
Hello team, I have SRX210HE2 on my client my version is JUNOS 12.1X46-D40.2 with idp-signature database My customer just want use a single zone (trust-to-trust) from the begining end customer required...
View ArticleSRX 1 interface VPN head end possible?
hello I post hear a while back and now have my VPN configs solid, they are easly and pop right up. I'm doing a dynamic VPN config from SRX 210 to SRX240 SRX 210 > internet > FW > SRX 240...
View Article
