SRX Sip ALG
I currently have the sip ALG disabled on my SRX. I was thinking about enabling to allow the sip automatic pinholes to work with Microsoft UM. I have read some past posts about the sip ALG not really...
View ArticleClik here to view.
SRX1500 - only passing traffic to/from some destinations
I have recently installed a pair of SRX1500 firewalls in a cluster. Running Junos 15.1X49-D150.2. I've discovered that the firewalls seem to be responsible for dropping tcp traffic to/from certain...
View ArticleLimiting J-Web access
Hi guys,I would like to limit the J-web access to only two interfaces ge-0/0/1.0 and ge-0/0/6.0. Below is the zone wise mapping of interfaces:0/0UNTRUST-INT...
View ArticleNeed Docs for building new IPSec Tunnel between SRX and Fortinate Firewall...
Need Docs for building new IPSec Tunnel between SRX and Fortinate Firewall using route based policy
View Articlesite-to-site VPN configuration
I am trying to vpn connect between an SRX240 and a cisco meraki MX60. the MX60 configuration is straight forward I have aes-128 encryption an Authentication of sha1 a Diffie-Hellman at group2 for phase...
View ArticleBGP Fail-over on IPSEC tunnels
Hello, I have this query, i was hoping, i can get some guidance. Now, there's 2 S2S VPN tunnels, going to 2 different sites, they're running BGP. The BGPs neighbors are the IPs configured on st0...
View ArticleClik here to view.
SRX1500 15.1X49-D160 Pulled?
Was SRX1500 D160 recently pulled from download? It's still up for other platforms.
View ArticleHow to log NAT traffic or see NAT "failed" reason?
I'm trying to set up network address translation on my Juniper to redirect all incoming traffic to a proxy server on the LAN. I think I have it set up properly, but I'm obviously missing something....
View ArticleIPV6 DHCP Relay not working properly
I'm trying to set up an SRX240 ([12.1X44-D15.5]) as an internal firewall, and want to use the IPv6 DHCP relay to relay requests/responses to our DHCPv6 server. I have the IPv6 routing working just...
View ArticleDownload policer won't work
Hi! I have a srx 240 cluster and want to limit the download speed to one of my server. Here's how I wanted to do this: #Policer 50Mbit/sset firewall policer policer-50mbit if-exceeding bandwidth-limit...
View ArticleWorking example of AppQoE
Good evening, everyone.I’ve been reviewing the new documentation on AppQoE, which appears to be supported on the SRX340-345 when running 15.1X49D150.The guide I’ve been following is located here:...
View ArticleWorking example of AppQoE/APBR
Good evening, everyone.I’ve been reviewing the new documentation on AppQoE, which appears to be supported on the SRX340-345 when running 15.1X49D150.The guide I’ve been following is located here:...
View ArticleWAN Link primary and Internet VPN as a Backup
Hi I have two links between two branches (WAN and Internet), and the target is to have the WAN Link primary and the VPN over the internet link as a Backup.I configured the route preference over WAN...
View ArticleUpdate an existing system user login method (SRX650)
I have a system user with super-user access, currently set to login with a password. # set system login user testuser authentication encrypted-password "****************************" I would like to...
View ArticleUpgrading an outdated SRX210HE2
My company is upgrading an old SRX210HE2 Firewall to the newer SRX320 model. My understanding is that the code is not quite the same on the newer device. is there a config translator that I can use to...
View ArticleConnection Drop
Hi, I could not find a solution to my problem yet. I ve two sites connected over site to site VPN, with SRX240 devices on both end. Local site consist of 1 device and the data centre consists of 2...
View Articlereject in "show route"
Hi Guys, I see 'reject' when I issue the 'show route' command for a particular subnet. pav@XX> show routeinet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)+ = Active Route, - = Last...
View ArticleSRX550 IPSec Replay errors
SRX550 Chassis Cluster established an IPsec VPN with Hillstone SG-6000-E3960. When the IPSec SA just initialized, the traffic flows, then, after a couple of minutes or seconds, ping or other traffic...
View ArticleSource/Reverse NAT between RI not working
We have two sides of an environment where we statically NAT ranges of private to public IPs and/or vice versa. On one side of this, we leverage a vSRX (on 15.1X49-D110.4), in which this traffic only...
View ArticleStatic/Reverse NAT between RI not working
We have two sides of an environment where we statically NAT ranges of private to public IPs and/or vice versa. On one side of this, we leverage a vSRX (on 15.1X49-D110.4), in which this traffic only...
View Article