Clik here to view.
SNMP ObjectsTable per logical-system
Hi everybody!I have an SRX divided in 3 logical systems: I would like to grab the SNMP values of the string jnxJsSPUMonitoringObjectsTable for each of the logical system I have configured.If I walk...
View Articlesrx110h2 HA options
Hi, I have two srx110h2 boxes connected to two ex4200 switches (which are in VC mode). I understand chassis cluster is not supported for some reason on the srx110h2? Why? What are my HA options then?...
View Articledynamic vpn
Hello, I am wanting to configure dynamic vpn to allow multiple clients to connect. Each client may have a different IP to a device/server directly connected to SRX. I have configured the basic...
View ArticleClik here to view.
SRX650 and FTPS
Hi, We came through this issue today , so just wanted to share this information with you guys . Error received while trying to connect to a remote FTP server , this error received on filezilla .Could...
View ArticleThe problem with NAT and version
I have simple test- config SRX210 interfaces { ge-0/0/0 { disable; } ge-0/0/1 { disable; } fe-0/0/2 { unit 0 { family inet { address...
View ArticleMultiple vpn connections
Hi, I have two srx devices which are connected through a route-based vpn. Our srx1400 network has a Windows server and the client's network is behind a srx210. The clients workstations on the srx210...
View ArticleLACP between SRX and EX
Greetings All, I am attempting to create a LAG between an SRX345 and EX4200 Virtual Chassis. The trivial case of single ethernet connections is not a problem but I am having trouble replicating my...
View Articlehow to reference a specific term within a FW application
HI all I got this example below. As you can see it is an HTTP application with many different ports. Now when I create FW polices I would just use http_all as my application and that would be it. But...
View ArticleRestrict access to GUI web interface?
How do I restrict access to the web interface on an SRX210? For example if I only want it accessible from inside my local network and not the internet, or only accessible from the internet from...
View ArticleSRX210 tunnel ipip
I'm doing a PoC for a customer who connects to his remote offices via tunnel IP over IP.I just realised the SRX 210 I am to use has just one tunnel ipip interface; ip-0/0/0 and the customer has...
View ArticleSRX 110 - SIP call cannot resume from on-hold
Hi, we are having this annoying issue since we rebuilt our SRX110 from scratch. We lost the original config and it seems that there was something configured on there that made this work. Each time we...
View ArticleAggravating SRX filter-based-forwarding limitation - still an issue?
I'm wondering if newer versions of Junos can overcome the limitation described below or if anyone has any conceptual ideas on how to simplify what I had to do below. Our SRX210 cluster setup has to be...
View Articlesrx web application where to start
Hi all I have this idea but I am not sure where to start. I would like a webapp that takes the following: source IP, dest IP, applications, and scheduled expirary date and generate the FW commands for...
View Articleaddress/address-set under nat destination
Hi everybody.I; struggling to understand what is wrong with my conf.I'm configurig a nat destination rule:set security nat destination rule-set PFW-RASPI rule PFW-8080 match source-address-name...
View ArticleSRX doesn't resolve internet domain names
I don't know why, but apparently my SRX can't resolve internet domain names, for example www.juniper.netI realized this because I created a policy to block some internet pages, but this policy never...
View ArticleHow often are domain names updated in address book?
I've noticed that the SRX allows domain names to be added to the address book, as follows: security-zone untrust { address-book { address SomeHost { dns-name example.com; } But how often will the...
View ArticleIPsec Phase II SA active but not Phase I SA
Hi, I am buffled on what I see here, a SRX-650 (running 12.1X46-D40.2) has an IPsec tunnel to a remote gateway, IPsec SA is active and traffic is flowing fine, but I don't see anything on IKE phase I...
View ArticleSRX300 and dynamic VPN not supported
I was setting up a dynamic vpn on the new SRX300 running JunOS 15.x code and was getting authentication errors and was told by tech support that its not supported. Anyone have a different experience?
View Articlejuniper srx SSL cert update
Hello, I would like tu update my selt signet certificate. What I did: request security pki generate-key-pair certificate-id test-gw-2016 size 2048 request security pki generate-certificate-request...
View ArticleFirewall conversion
Hello, I want to know if it is possible to convert our Firewall ASA 5540 configuration file to Juniper SRX 5400. If this is how is it done for the conversion?As part of this move, The SRX 5400...
View Article