ids screen against tcp port-scan&tcp-sweep, how to check?
Hi, We have an issue with TCP port-scanning & tcp-sweeping from several well-known abusive IP addresses. Such scans leading our SRX cluster to send tons of "RT_FLOW - RT_FLOW_SESSION_DENY / policy...
View ArticleSNMP default context
Hi, This is an add on to a previous SNMP issue. As the SRX I am using is ALL VR related then there is no default context as such. All the physical interfaces and logical tunnel interfaces belong to a...
View ArticleServices and ALG processed last
Hi all, A few questions.. Please could anyone explain the reasons why services/alg is the final step (except for installing the session in slow-path) in both the first and fast path processing orders?...
View ArticleDynamic VPN and Linux client - working solution
As we all know, there have always been a problem connecting Linux clients to SRX-based dynamic VPN service. For quite some time we tended to ignore this and work with Pulse Secure under Windows VM's....
View ArticleRe: IPSEC tunnel flapping
same issue just appeard on our boxes couple of days ago...was there a solution ? BR, Christoph
View ArticleRe: Community FAQ - 2018 Update
Hi every bodayI have a Juniper device SRX240H2 , and with the detail info as below.Software Version: JUNOS Software Release [11.4R11.4]Bios Version: 2.4Now, I would like to monitor it by Manage Engine...
View ArticleDynamic VPN client can't ping some remote-protected-resources
Hi, I'm experiencing a perplexing Dynamic VPN issue with my SRX running 12.1X46-D71 using the straightforward example at...
View ArticleSrx 650 Destination Nat
Dear team of Juniper, Recently we have upgraded from Ssg550m to Srx650 "due to motherboard difect , it's end back for fixing" Anyway. On SSG 550 destination went through the VIP translation which it's...
View ArticleSRX Comparison Small/Branch vs Mid/DataCenter
Hi, Im looking a comparison beetween srx branch and high end, all i find in the site just like in the attachment. Planning to use feature fbf,nat,rpm,ip-monitoring,routing in srx, since i dont find...
View ArticleClik here to view.
Web auth. is not shown
Hi I try to configure pass-through auth with web auth. but web auth. is not shown 1. i already designed interface for web auth. and enable web-authentication[edit interfaces ge-0/0/0]root# show unit 0...
View ArticleChassis cluster some traffic only seen on secondary / inactive node
Hi! I have a strange issue.I have a static NAT Rule configured on my chussis cluster. So far so good.It worked for a couple of months. Today users complain that they cannot connect to the server behind...
View ArticleSite to Site VPN Error
Hi,i had a site to site vpn connection between 2 sites until yesterday. Suddenly today i stopped working. In fw logs there seem to be no error. On the peer side, the only error is : "srx240-02a...
View ArticleError: /kernel: vpls_learn_l2addr(): identical addr and ifl existed: addr...
We have a Juniper 650 that keeps spitting out the following error: Juniper650 /kernel: vpls_learn_l2addr(): identical addr and ifl existed: addr 00:50:56:9f:77:a7, ifl 93 This occurs on on diffent mac...
View ArticlePass-through web redirect
Hi I want to enable web-redirect for user authentication.All user names is on both LDAP and local user My problem isCaptive is shown but user on AD can't authenticate. here is my configuration. set...
View Articlesrx vpn is up but no traffic & vpn to another site is flactuating
Srx ipsec vpn between srx210 devices is up but not able to ping remote IP, and each srx devices have configured site-site vpn to ssg5 here traffice going down after some time SRX "A" ---->Srx "b"...
View ArticleClik here to view.
Virtual router does not work
Hi, This is the setup i'm trying to achieve: Whe an attack is detected, the scrubber announces via BGP to the router the attacked IP with:1. Mask /322. BGP community XXXXX:6673. Next-hop set to the...
View ArticleSRX 240 Cluster over EX switches, ethernet switching not working.
Hi!I have srx240 cluster over ex-3200 switches.My topology: srx-240(node0) ---ex-3200----ISP L2 VPN(q-n-q)-----ex-3200----srx-240(node1) Cluster work fine, except L2 switching.swfab0 { fabric-options {...
View ArticleSRX240 to Asus AP, tag/trunk .
Tagging works, trunk doesn't.The boxes.....1 - SRX240B2 junos 11.47x1 - ASUS RT-AC68u wifi API want to create a trunk and tagging sothat I can use multiple vlans across these.I understand that a simple...
View ArticleVPN stays up for 50 min, goes down for 10 min and comes back up.
HI my openvpn VPN stays up for 50 min, goes down for 10 min and coming back exactly in 10mins.. so every one hour my openvpn it is being flacutating , what could be the issuethis is between srx &...
View ArticleSrx 650 telnet port
Dear juniper guys. On my previous post i had some problems with the public ip forward ports, it's solved. I have manage to open couple of ports of just one ip.But , there is always but... Seems even if...
View Article