Port mirroing in srx3600
Hi All, I have some problem in SRX3600 with port mirroring. Can i do port mirroring from fibre(Xe-0/0/1) port to copper (G-0/0/7)? If so how can i do that? In reth0 i have a more vlan from different...
View ArticleReachability Issues With SRX Routers and OSPF
Hey All, I'm working on a physical lab with 3x SRX210s, 3 Cisco ME3400's, and a Cisco 1841 in training myself up when it comes to multi-area OSPF LSA propagation. I've turned up area 0 (which consists...
View ArticleCustom user permissions
Hi, I want to create a custom user class that has the ability to view and modify the configuration with the exception of root access/password and other user's access/password. Is there a way to do...
View ArticleHigh system CPU usage when using screen to limit udp flood
Hi, We are using SRX240H2 as our GW. Today just for testing purposes I've set the udp flood threshold for 3000 pps. For our network usage is is OK to have even 25 kpps of UDP traffic, but that not a...
View ArticleCant figure out policy dropping traffic
Hi, I havea system setup as follows: Juniper SRX ge-0/0/0 attached to cellular provider on private APN2 cellular routers (default route from provider is to the srx)gre tunnel between each cellular...
View ArticleSRX 300 RSTP?
Have an SRX300 on 15.1X49-D60.7, and get the message "unsupported platform (srx300)" when trying to configure RSTP. Do these routers have any spanning tree abilities? Anything you can do to prevent...
View ArticleIP Sec VPN with Checkpoint and Proxy ID
Hi , I have a question about IP Sec VPN Connection Checkpoint > Juniper Some times I found error message from checkpoint "no response from peer. IKE failure " As i check on juniper srx did't...
View ArticleIpsec tunnel down when ike lifetime reached
Hello, I have a problem with an ipsec tunnel between a srx240 (running junos 12.1X44-D35.5) and a linux strongswanTunnel goes up and is working fine but when ike lifetime is reached, it goes down and i...
View ArticleTelnet Command
Hello I would like to telnet a mail server from srx 240 i tried this telnet hostname port 25 interface is the above command correct
View ArticlePing using interface
How to ping www.google.com As i have several interfaces primary:node0}admin@FE-FW> show interfaces terseInterface Admin Link Proto Local Remotege-0/0/0 up downgr-0/0/0 up upip-0/0/0 up upge-0/0/1...
View ArticleCancel a pending "commit confirmed"
Is there any way to cancel a pending "commit confirmed" command? Say you gave yourself 5 minutes to see if your active configuration was going to work, and you realize - oh, I missed something lets...
View ArticleMalicious IP Filter
Does anyone have a pre-built prefix list to block malicious/foreign ip ranges in a firewall filter? A set command dump would be most appreciated.
View ArticleSimply cannot get SNMP working on SRX240
Hi guys,Hope you can help me, after many attempts to get SNMP working I am turning to you for some help.My config looks like this: security-zone Trust { description "Trusted Zone ";...
View ArticleJuniper SRX240H2 FPC 0 PIC 0 CPU utilization
Hi, Just want your oppinion guys. Are SRX240H2 really so weak, or I'm missing some configuration?The only thing this SRX does at this moment is OSPF, BGP, NAT and some simple CoS on the uplink...
View ArticleReconnect 2nd SRX550 to the cluster
Hey Everyone,I have 2 SRX550s configured in a cluster. A little while back, the primary SRX was accidentally put into L2 mode. After this happened, the secondary SRX was powered down. JTAC was able to...
View ArticleQOS question - phsyical port speed override?
Hello, First, I'm very new to QOS and learing quickly on the fly. Basically the QOS configs kind sucked, my boss (CCIE) tasked me with wiping them out and redoing them from scratch for the enterprise....
View ArticleClik here to view.
SRX1500 SSL Proxy Signing hash
We have SSL proxy service running on our SRX1500 and everything is working. The minor issue I have is that the certificate presented to users (generated by the SRX1500) is signed using a SHA1 hash...
View ArticleDynamic VPN on a SRX650 chassis cluster with 12.3x48
Can a Dynamic VPN be configured on a SRX650 chassis cluster with junos 12.3x48? If it is not supported, what is the reason? My investigations so far:================Dynamic VPNs need Policy Based...
View Articlehow to bypass remote-ike-id check on MX80 MIC
Hello Guys, Could you help me to bypass remote-ike-id check on MX80 MIC? I configured site-to-site vpn and in logs I get: Oct 5 11:20:46 [10.42.131.130 <-> 10.42.147.32]...
View ArticleBAD SPI messages in the event log ( Juniper SRX )
Hi I have a question about IP Sec VPN Connection Checkpoint > Juniper Some times I found error message from Juniper SRX [1297]: IKE negotiation failed with error: SA unusable. IKE Version: 1,...
View Article