How to fix JDHCP amnesia?
I have some clients that I occassionally reboot but I find that after a reboot, they get another address from the SRX's server. This happens most of the time while their lease has not expired and I...
View Articlessl handshake failure on firewall-authentication pass-through with HTTPS
Hello, I'm expetimented the following issue when try to do a firewall-authentication pass-through with HTTPS. The same configuration are used in several srx3400 boxes and the same wildcard ssl...
View ArticleSRX 3600 OID for tottal device Trouput
iam looking for the OID for the srx 3600 that show tottal device throuput and only i can found is the bandwidth. the device is srx3600 with jouns image 12.3X48-D40.5
View ArticlePulse Secure VPN connection issue over SRX240 Firewall
Hi all, Off late people complain of unable to connect to vpn with them getting the following error on pulse secure app "error 1468 unable to resolve hostname". And this error is random, same user gets...
View ArticleSRX340 to be DHCP server and gateway for 4 VLAN's
I am struggling with the config to have SRX340 perform gatway and DHCP serverices for 4 VLAN's. VLAN 7, 66, & 3333 are tagged from Unfif controller and AP's. I want to use interface ge0-7 which is...
View ArticleSRX IKEv1 Traffic Selectors vs Proxy Identity
Hello experts,I have the following scenarios related to SRX implementation of traffic selectors vs proxy identities. I am running this experiment using vSRX 12.1X47-D15.4. I am using IKEv1 as for this...
View Articlehow to check deny traffic log in cli and webui
Hi,We have configured below security policy but we are not getting deny log of source IP set security policies from-zone External to-zone DMZ policy DenyALL match source-address any-ipv4set security...
View ArticleCommand to restart all services to avoid reboot
Hi,Is their any single command or way to restart control and data plain service instead of rebooting(soft/hard) the appliance.
View ArticleNVR and destination NAT
Hi All,I am beginner in SRX.I got below error in destination NAT.I want to access my NVR from outside NAT work.I am using destination NAT and allow any application.NAT is working.I can access NVR login...
View ArticleClustered vSRX on ESXi6.5 - unstable ge interfaces
Hello, I'm trying to setup 2 vsrx version 18.4R2.7 clustered running on esxi 6.5. Following along with vsrx deployment guide and I have yet to get a stable setup. I have verified the the "Exposure HW...
View ArticleSRX family inet QoS filter - no hits
Hello.I'm struggling with a family inet INPUT filter. It's supposed to send traffic to a different forwarding class. This is a SRX210 from my lab and it's configured with a public Ipv4 adress on...
View ArticleRPM icmp-ping failed in SRX345
Hi, experts, Just can not fix the RPM issue in icmp-ping test, your expert advice is highly expected: I am running SRX345 ( but it should not be the hardware and Junos issue, due to two out of 5 SRX345...
View Articletraceoption can not archive file
Hi guys, I found the traceoption can not archive the file, while the file size is execeeded ( and the file size is keeping increasing ). My configuration is the following:root@labtest-fw2> show...
View ArticleVPLS over GRE - one end won't come up
I'm following the Juniper example here for VPLS/IPSEC over GRE tunnel. My remote office SRX220 brings up the tunnel but my local office SRX345 doesn't. For testing, I have the public statics on the WAN...
View ArticleDHCP Options on SRX320
Hello,I have an SRX320 and we are moving to a hosted phone provider. They have asked for the following DHCP Options DHCP OptionsCould the following DHCP options by added to the voice VLAN: option 66...
View ArticleIKE negotiation failed with error: IKE gateway configuration lookup failed...
Hi folks, I am getting the following log message when I try IKEv2 VPN from my iPhone ios 13 to my Juniper SRX 320.Please note that I can connect to my Juniper using Pulse Secure using my laptop...
View ArticlePPPoe not connecting
Hello, I have a SRX320 with a VDSL card that worked first time to successfully dial out but then after that it suddenly stopped working My pppoe config is as follows: show configuration interfaces...
View ArticleRoute-based ipsec SRX4100-ASA traffic selectors 1 subnet to many behind ASA
The IPsec configured is failing at phase 2 with the error "[Nov 5 11:02:00][165.X.X.X <-> 74.X.X.X] Authenticated Phase-2 notification `No proposal chosen’ (14) data size 4 from 74.X.X.X for...
View ArticleClik here to view.
Enable multicast traffic into the same security zone
Hi, I would like to send a multicast stream from a source connected on one interface to an other interface on an Juniper SRX240 (12.1X46). Mutlicast source is connected on ge-0/0/3 interface.Clients...
View ArticleSecurity Director Hit Count shows NA
I have a few rules that show the designation "NA" for the hit count. This means "not available". Does anyone know why the hit count would be unavailable for these rules?
View Article