Configuring SRX340 Point-to-Point and Public IP Assignment
Hi, Hopefully, I have posted this in the correct forum. ;-)Could someone please advise me how I would configure an SRX340 with Junos: 19.4R1.10 to do the following:- I have been assigned a /25 block...
View ArticleVPN renegotiation causing DB connection errors
Hello, There is a report of connection errors on DB server when we see the following logs.This DB communication is over a site to site VPN between two sets of clustered SRX 340s in different DCs.(IPs...
View ArticleSRX340 boot from hard-disk is possible?
Hi Guys I'm new here, So I have a SRX340 that has problens with the internal flash, I did a snapshot on a USB start on it and when I send the command request system snapshot media internal it gets a...
View ArticleNo Line End Character SRX240H2 latest firmware
Hello, I upgraded an SRX240H2 to 12.3X48-D101 built 2020-04-12 firmware. When I use the J-cli with Maintain, Config Management-> History, all downloaded files does't have ay line end charactersThe...
View ArticleClik here to view.
SRX IPSec VPN and NAT questions
I am working on a IPSec VPN between SRX220 and Cisco ASA. The SRX has a default nat configured, I used policy-based VPN. My question is nat first or encryption first ?From ASA Log I saw the...
View ArticleSNMP Event ID List
Hi, I am trying to find docuementation that covers the SRX650 and contains the list of possible events with the associated Event ID. The list from Juniper seems to include the events but not the IDs...
View ArticlevSRX IPsec persistent phase1 negotiation and random paket loss
Hi guys, I have a troubles with IPsec tunnel between my vSRX 3.0 and remote ASA not upon ours control: Phase 1 turn UP, but has made it every ~ 1 min and I have get in log junos-ipsec kmd[6254]: IKE...
View ArticleDHCP Option 82 insert on SRX300 in switching mode?
Hello, Looking at using an SRX to insert DHCP option 82 in switching mode on some ports. I've looked through juniper documentation and the non-els options don't seem to exist. I've tried configuring...
View ArticleSRX340 Behaving Badly
Hi All: Ever since upgrading Junos from 15.1X49 to 18.2R3 (currently running 18.2R3-S2.9), which was the JTAC recommended change, on my SRX340 and SRX300 series I have had some very strange propblems....
View ArticleClik here to view.
SRX Invalid address entry
hello everyone i hope that you all doing well.I have an srx 12 when i set an address book and i try to commit i face the following error.Any one can help please
View ArticleLoss SSH after upgrade SRX210 to 12.3X48-D101
Hi,before Upgradingour configuration out-of-band as a guide on link https://kb.juniper.net/InfoCenter/index?page=content&id=KB23823 after upgrading to 12.3X48-D101, we can not SSH anymore and...
View ArticleBranch Series SRX Cluster VPN Throughput
Hi, I'm hoping someone can help clarify something about VPN throughput. For SRX550 the datasheet says VPN throughput of 1.0 Gbps (large packets), so I understand I'm probably not going to see that in...
View ArticleDNS client lookups not working
I think I'm having one of those days! I have Windows PCs. I've just changed some clients to use only their respective SRX for DNS lookups. However, the clients cannot resolve anything. As soon as I...
View Article(No failback on IPSEC Tunnel) Dual ISP with VPN Failover using IP-Monitoring
Hello All. Having an issue with a configuration that has dual ISP's and dual IPSEC tunnels going to a my data center firewall. I'm using IP-Monitoring to fail over to the secondary ISP interface and it...
View ArticleSRX Sizing
Hello,Could You help me by referring to a document to specify the proper model of SRX to any envirnoment.If I have the infrmation of the internet bandwidth which exists , total concurrwent users,...
View ArticleStreaming KMD (Ipsec ) LOGS
Hi is it possible to stream KMD logs to an off box syslog collector Currently i have this configuration (see below) in place but i only appear to be getting logs relating to Firewall rules and...
View ArticleWhat does "CP NACK" mean?
Hello, I have a log entry stating "session closed CP NACK" with these packet counters "0(0) 0(0) 1".All I found was an explanation for the log entries, and that only contains a table:CP NACK response...
View ArticleFL - Fabric Connection Monitoring
I recently see this in Monitor-failures on two SRX clusters after upgrade. During this time I lose one node and it come back up after some time. Will this be harmful to my services? Is there a document...
View ArticleLocal Cert Not Enrolled
I just replaced a cert on a SRX 345 but I get an alert in the log stating that the local cert has not been enrolled. Everything seems to match with the CA and I don't know how to fix this.
View Articlenode1 goes from hold to secondary to disabled
After upgrading a pair of SRX320s to 15.1X49-D210, I cannot get the cluster to reform. The primary node comes up ok but I cannot get the secondary online. I've tried doing the following on the...
View Article