Clik here to view.
SRX/J ipsec packets discarded after flow process before entering ESP encryption
Having some strange problems with a J6350 lately. IPSEC tunnel comes up fine with both P1 and P2. ICMP packets can get through the tunnel just fine. SSH or any other type traffic dispears after the...
View ArticleDifference between address with subnet and range-address in address-book
Does someone knows the diffrence between : book { address ABC 192.168.1.0/24 } and book { address ABC { range-address 192.168.1.0 { to { 192.168.1.255; } } } }For me it is the same thing...
View ArticleSwitching from SSG to SRX (SRX110 EoL?)
Hi @all, First of all a big HELLO to the whole community. Some of my customers are equipped with the SSG5 and soon there will be time to replace them. All that SSG5 work very fine without any problems...
View ArticleSRX300 Setup Problem
Hi My company have recently brought a SRX300 to replace our SRX100h and I have hit a few problem when setting up. Hoping to find some help here. The SRX300 will have 2 internet uplink connected and...
View ArticleIs it guarentee ISSU chassis cluster upgrade no downtime?
Hi All, When i look in this url http://kb.juniper.net/InfoCenter/index?page=content&id=KB17946&actp=search it's look like ISSU support all services. May i know whether someone in here have...
View ArticleClik here to view.
Duel IPSec VPN (Active/Backup)
We have plan to install Juniper SRX550 in our core. Our requirement is -Redundant IPSec tunnels for same destination LAN using 2 separate uplinks.IPSec have to be policy based, because our clinet...
View ArticleHow to add huge list of ips to prefix-list using CLI
How to add a huge list of IPs in one go to prefix-list using cli ?for example add all those ips https://lists.blocklist.de/lists/ssh.txt
View ArticleKernal Error in messages log
Jun 6 14:14:05 node1 /kernel: if_pfe: Error 8 (No IFD) on IF command 53 (IFD bchip stats) Jun 6 14:14:05 node1 /kernel: if_pfe: Error 8 (No IFD) on IF command 117 (IFD queue stats) Jun 6 14:14:05 node1...
View ArticleWhat list of service that need to reboot the SRX?
Hi All, Beside of enable IPv6 on flow mode that need to restart the chassis, is it need other service other than that. One more thing is it by default the MPLS & ISO enable on flow mode? because...
View ArticleHow to do destination NAT with domain?
Hello, I'm wondering whether it's possible to do destination NAT with domain name. Something like: - service1.example.com -> 172.17.1.3 port 80- service2.example.com -> 172.17.1.4 port 80 There...
View Articledhcpd service restart
Hi, We have some issues with our network and need to change the dhcp lease time. The server (SRX200) is on a quite busy LAN, and I'd like to know is if such a change will: a) send a forcerenew to all...
View ArticleClik here to view.
SRX 300 version downgrade to 12.3X48
Hello, I would like to downgrade my SRX 300 to version junos-srxsme-12.3X48-D30.7-domestic, because it has a longer support. See table below:ProductFRS DateEnd of EngineeringEnd of SupportJunos...
View ArticlevSRX maximum vpn tunnels
Hi, Is it possible to know how many VPN tunnels can be established on a Junos vSRX gateway ? The datasheet doesn't show anything and I can't find any command showing the limit of the vSRX. best...
View ArticleVPN fragmentation - How to check if SRX send fragments
Hi, I'm investigating a fragmentation issue for a VPN on a SRX running JunOS 12.1X46-D40.2.The remote host says that it's fragmented.I have set the: set security flow tcp-mss ipsec-vpn mss 1300Still...
View ArticleSRX w/ multiple routes/paths
I'm thinking this may be related to flow mode but if someone can confirm that and if there's a way to work around it while remaining in flow mode that would be awesome. SRX220 or 100 w/ two uplinks....
View ArticleSRX5600 source NAT pool unevenly used
Hi! Using snmp looking at the jnxJsNatSrcNumSessions it seems very un-balanced for our nat source pool user-shared-pool (x.y.142.0-x.y.142.255). For some (individual) IP addresses, the number of...
View ArticleSlow Site to Site VPN tunnel
Site to Site VPN tunnel between two SRX 210's both running 12.1X46-D45. I expect to get a transfer speed close to 30MB/s Currently I'm my transfer speed is right around 6MB/s . Its been an on going...
View ArticleHow to apply NAT before policy based IPSEC VPN? Virtual router an option?
Hi all, have an issue.Need to set up an IPSEC VPN from Juniper SRX 240 to a third party, running PFSense firewall. LAN subnet on my end is 10.0.0.0/24The requirement is to have it NAT-ed (source NAT,...
View Article