Logical Systems on SRX Branch devices
I saw in Logical Systems Overview documentation that starting in Junos OS Release 18.3R1, an SRX Series device running logical systems or tenant systems includes three licenses by default. One license...
Details in IKE phase 1 and phase 2
Hi, I read three times on the IPSec topic but I'm confused. When I select autoIKE (Pre-shared key), why is DH needed to generate a key? What's different between authentication and encryption type during IKE...
IPSec VPN using alternative IP
I'm trying to create a new Site2site using an IP which is within the subnet for the external interface. For example: External Interface Reth5.1010.1.1.1/24 But I'd like the local-address for the IKE...
Nessus scans, ssh "weak" ciphers
No matter what I do it still pops up. This is what I have configured; am I missing something? set system services ssh root-login deny set system services ssh protocol-version v2 set system services ssh...
How to install DHCP for VLAN in SRX300
I have a diagram the same as below: I want to configure DHCP for VLAN10 so clients can get IP information dynamically from the Router (my DHCP configured here). Here is configuration Juniper...
Recovery password for SRX345
I want to recover the password on SRX345 but after the autoboot process, there's no loader prompt. Boot Media: eUSB usb Found TPM SLB9660 TT 1.2 by Infineon TPM initialized Hit any key to stop autoboot:...
FXP0 interface configuration for Juniper SRX300 cluster
Hello all, I have 2x SRX300 clustered together. Interface Gi0/0/0 (in each node) is my FXP0 so I have connected it up to my switch where my default gateway sits (VLAN L3 interface 10.10.10.254/24)....
Juniper SRX300 standalone FXP0 interface configuration
Hello all, I understand that once 2x Juniper SRX300 are clustered, interfaces ge-0/0/0 become dedicated FXP0 (Out-of-band management interfaces) for both firewalls. Which interface can I use as the...
Issues with WebRTC traffic
We access an external website that employs WebRTC to deliver audio and video streams. If I try to access this website whilst connected via an SRX the streams do not work, if I access this website on...
Communication issue btw SRX1500 and multiple vSRX's
We have 3 vSRXs and 2 clusters of SRX1500's and the vSRX's are having issues communicating with their gateway (1 SRX 1500 cluster reth interface) using the fxp0 interface that is within the mgmt_junos...
Schedulers in COS
[edit class-of-service schedulers test] transmit-rate 10 percent shaping-rate 20 percent If scheduler test is mapped to class classTest, the question is: will this scheduler do transmit-rate or shaping?
SRX "MIP" not routing
I'm used to ScreenOS and Mapped IP of a public static to NAT'ed VLAN trust interface with a policy to allow a specific port for inbound TCP traffic coming from the Internet, but I understand JunOS...
VoIP and videocall problem through static NAT
Hello All, I've set a static NAT on my Juniper SRX to a VoIP server. I've specified rules so that service can flow from either side. But the calls don't work, same for the video calls. Any idea about it...
Struggling with removing
Hi guys, I'm setting up a new SRX340 cluster, have set up the chassis cluster, but I'm stuck trying to remove a persistent alarm on fxp0. I have run the commands set chassis alarm management-ethernet...
Struggling with removing management interface ALARM
Hi guys, I'm setting up a new SRX340 cluster, have set up the chassis cluster, but I'm stuck trying to remove a persistent alarm on fxp0. In the SRX340 there is a dedicated management interface that...
Is the routing table that handles the traffic of the management interface...
Is the routing table that handles the traffic of the management interface separate from the routing table that handles the original user traffic?
Security policies between zones question
When applying security policies from-zone A to-zone B with match application any parameter, does it mean that ftp, ssh, telnet, HTTP and the rest are instantly allowed for the traffic going between...
SRX5600 dual management modules
I have 2 SRX5600 with HA; each node has dual management module "RE". That means I have 4 modules in my setup. One of these modules has a HW failure. The question is why HA has been broken between them and is it...
SRX 320 Policy
I'm having a problem with my policy. I can ping our server (116.214.107.139) with this policy: set security policies from-zone UNTRUST to-zone TRUST policy UNTRUST-TRUST match source-address any set...
Can't connect Static NAT from inside from other zones
Hi, I have configured a static NAT on our SRX and mapped one of the public IPs to an internal IP at the zone LAN. On the SRX there are several zones configured and I can't reach that static NAT public IP. Zones...