SRX345 Chassis Cluster FPC issue
Hello, we have 2 SRX345 (JunOS 15.1X49-D150.2) configured in chassis cluster both nodes are active for different RG. On node0 we experienced high cpu (near 100%) due to daemon llmd, the node rebooted...
Manually Boot SRX From Backup Slice
I have an SRX100 that I am trying to boot from the backup partition/slice. I do NOT have this CLI command available: request system reboot slice alternate media internal. I have tried setting...
Copy config
Hi - Will the below work to copy a config from one srx210 to another for a new site? Open the existing config on device A via history then copy and paste to text file. Edit text file for the new site...
Juniper SRX IPsec RSA Nonce
Hello, is someone able to confirm if a Juniper SRX can be configured to authenticate an IPsec VPN using RSA signatures (nonce) not based on PKI with a CA, it's an RSA public private key for...
IKEv2 configured DH-group 14 but SA comes up with DH-group 5, peer complains...
Hi, I have the following IKEv2 configuration, external partner is running ASA, we agreed the DH-group is group14, but IKEv2 SA comes up with DH-group-5, I am initiator, partner side is complaining...
How to keep DHCP route tied to a specific interface?
I've done more testing on my SRX configuration and have a final problem left. Recently I had experienced assigning 2 interfaces (ge-0/0/0 and ge-0/0/13) as DHCP clients and ge-0/0/13 never got an IP...
VoIP and SIP ALG behavior in routed rfc 1918 networks without NAT
Hello everybody, on a corp lan/man with several thousands of users and several hundreds of firewall modules spread across ranging from SOHO boxes to highend SRX we're in the middle of a large scale VoIP...
Unable to get traffic shaping working on a SRX345
I'm convinced I've missed something but I can't for the life of me work out where I am going wrong. I would like to shape traffic on a single physical interface (acting as a switch port) to 2Mbps. I...
Protecting old Linux hosts against TCP Sack Panic with SRX, how?
I have a Linux Servers network that sits behind a SRX device. Some of them cannot be upgraded and are vulnerable to TCP Sack Panic CVE. I cannot upgrade these Servers at the time and on more than one...
1-Port T1/E1 Mini-Physical (SRX-MP-1T1E1-R) Interface Module supports...
AFAIK, the said card should support Channelized E1s however it is not mentioned clearly in the documentation. Can anyone confirm the said support?
SRX 300 policer Bandwidth issues
We have a SRX where x2 ports are configured with separate IP networks. Both ports are capped to 100 mbps but when running a speedtest on separate ports we get full BW however running a speedtest on...
GRE Keepalive
Hi I try to monitor GRE status. The output is below: Logical interface gr-0/0/0.0 (Index 76) (SNMP ifIndex 535) Flags: Hardware-Down Up Point-To-Point SNMP-Traps 0x0 IP-Header...
VoIP, for Comcast Xfinity, filtering?
I have internet service from Xfinity/Comcast. The VoIP service is only hardware compatible with an approved voice modem. This means that the phone plugs are on the modem. I bought a voice modem but it...
SRX340 Virtual Chassis & BGP
Hi all, We're about to migrate our datacenter equipment from Ubiquiti to Juniper and I'm preparing the migration and configuration. A little bit of context: - Two SRX340's - Two fiber uplinks to our...
Manually change to secondary
Hello, We have two old srx240 firewalls and one of them failed with the primary partition getting corrupted and the secondary partition with old software. We rebuilt the firewall with the same version...
CGNAT configuration on SRX?
Hi all, I'm trying to search for CGNAT configuration on SRX but it's just pointing to MX. So can anyone give me some example or url for how to configure CGNAT on SRX? Thanks and appreciate any help
Switching Questionnaire for Pre-Sales to ask customers
Hi, I was wondering if Juniper has a Questionnaire table or something alike that we can send to our customers once they have a switching requirement. A lot of them just send that they need a switch that...
User identities from Cisco ISE to Juniper SRX
Hello, I wrote a small Python program that receives syslog messages from ISE, extracts information about users and sends them to SRX firewall via web API. If you want to test it, you can download it...
SRX5800 in cluster mode with UTM
Good Day, require some clarity. According to Juniper online information active/active with UTM does not support EWF. So what does this exactly mean? Currently I have a SRX5800 cluster running in...
IPSec failed to work in SRX110 with Cisco
I have to set up IPSec with the following information with a remote Cisco router. Given information from Cisco managed router support team: IKE Phase 1 Proposal, IKE Version IKE V1, Encryption Algorithm...