Routing-instances on egress interfaces broke my destination NAT policies
I have implemented a dual-WAN with failover configuration for my SRX 300. Each egress interface (Fiber and Cable) has a separate default route, so they are placed in distinct routing instances. The...
SRX300 totally configured but no internet connection
Hello, I currently have a cluster of two SRX300 configured in HA but I cannot connect to the internet. I see HITS in the firewall rule and NAT rule but I don't have internet access. I PING and resolve...
Remote Access and Crude ping availability of NODE1 when SRX345 and SRX1500 in...
Hi All, I am keen to have our NMS systems carry out a crude check to ensure that NODE1 of an SRX cluster is responding to ICMP. We gather all SNMP information via the loopback address that is...
TCP Syn check on zone based firewall
I am wondering how the SRX handles a scenario where you have asymmetric routing between two interfaces in the same security zone. Imagine you have an SRX with connections to two different ISPs, both of...
SNMP polling broken after implementing dual-WAN and routing instances
I have implemented a dual-WAN with failover on my SRX, and am using routing instance to separate the default router for each WAN link. The goal is to failover from WAN 1 to WAN 2 when IP monitoring...
SDWAN Inquiry
I have 5 branches each one has separate internet line and backup of this line. I need to link between all of them using SDWAN so please advise which model of SRX will be suitable for this rule and the...
SSL VPN vs Dynamic VPN
I found that Dynamic VPN is based on IPsec VPN on SRX series. If I have an SSL VPN requirement, what's the difference between Dynamic VPN and SSL VPN? Please suggest me. Thanks!
Traffic entering on node0 and exiting on node1
We have a cluster SRX1500, all looks good, but traffic is entering node0 but exiting on node1. Anyone any idea why this is happening? Here is example:...
Cannot Update SRX550
Hi! I have a software package for my SRX 550. I am currently running 12.1X47-D20.7 and I am looking to upgrade to 12.3X48-D100. Whenever I try updating from the GUI I am not seeing the usual upgrade...
YouTube's web filtering block is not running
I have created a web filtering block for YouTube, Facebook, Instagram on Juniper SRX, how to configure it properly and correctly. At this time I have made the rule YouTube run but must clear cookies...
Traffic between vlans applying security policies: possible?
Hello everyone! I have a question I would like to ask: I need to create 4 vlans (internal) - vlan10,20,30 & 40. Assign them ip. Associate them with the trust zone. And that the teams in vlan 10 can...
I have ISP failover working, but now the archive-sites and ping does not work
I set up ISP failover on my SRX300 - and it works!! I can even ssh in from the selected IP addresses I put in the firewall filter for any remote administration I need to do. Problem - I cannot ping...
Static MAC for Reth interfaces
Hello Everyone, I have 2 SRX5800 which are in a cluster, with a cluster-id 2 in Region-A. I have another pair of SRX with cluster-id 2 in Region-B. I want to extend layer 2 between RegionA &...
irb with multiple vlan-id (vlan-id-list not supported) traffic between vlans
Hi! I have a question:
NETWORK   VLAN-ID
VLAN 1    10/20
VLAN 2    30
I have these 2 vlans: 1 and 2. Vlan 1 has two IDs: 10 and 20. I need VLAN1 devices to communicate inter-fw with...
The use of general-ikeid
Hello, I have been setting up advpn as part of a deployment using ecdsa-signatures-256. Root CA and Local Certificate are successfully loaded onto the box. Using the documentation:...
FBR - PBR - SRX - Outbound L3 inbound L2 Flow and IRB interfaces
Hi everyone! I've a question: Topology: untrust interface trunk SRX trust interfaces irb (local vlans) I need the external traffic to pass to the internal vlans of the irb interfaces...
Instance-type virtual router with RPM/IP SLA?
Hi all, May I know whether it is possible to do IP SLA/ICMP tracking if we use instance-type virtual router to do PBR? Thanks and appreciate any feedback
German FTTH PPPoE Experience using an SRX (GlasfaserConnect Bochum)
Hi, I just want to share my experience with setting up a FTTH connection using an SRX300. Basically my ISP only provides a PPPoE username and password and that you have to use VLAN-tagging with VLAN-ID...
SRX Intra-Zone traffic
I currently have a setup as per the diagram below. When I ping (and other traffic) from the remote site firewall (3.3.3.1) to ISP2 IP address on the firewall (2.2.2.1) it works fine. I know because the...
Downgrade from 19.2 to 12.3
Hi, I recently upgraded a cluster of SRX5400 from 12.3 to 19.2 and I need to revert it back to 12.3. When I try I get the error: ERROR "/usr/libexec/ui/downgrade" the bootstrap installer is missing......