FTP Debuging
What is a good way to debug FTP dropouts / timesouts that are randomly happening. I don't have a full list of all outside the out side IP's that are in use. FTP ALG's are tuned on.
View ArticleUTM Web Filtering reputation action per category
What purpose does a reputation-acton under the category has? I tried to configure it, and not matter what, category action gets executed instead. For example, this: Enhanced_Business_and_Economy {...
View ArticleAdding two TACACS Server in one Single SRX
Hi, I have an SRX240 Firewall. Is it possible to add two TACACS Server for authentication. The two tacacs servers are located in two different locations. Is it possible for people configured in both...
View ArticleSRX Firewall User Authentication Not Working?
I am following the procedure listed in: https://www.juniper.net/documentation/en_US/junos/topics/task/configuration/security-user-role-policy-with-firewall-authentication-configuring.html But even...
View ArticleSRX5400 SRX-RA1-5000 License
Does SRX5400 box really support SSL remote access VPN capability? I can see following license can be ordered together with SRX5400.Remote Access VPN service: 5000 concurrent RA Users by using NCP...
View ArticleAny ideas what does it do? (idp sensor-configuration security-configuration...
[edit security idp sensor-configuration]admin@XXXX# set security-configuration protection-mode ?Possible completions: datacenter Security protection mode for datacenter datacenter-full...
View ArticleMany-to-one NAT through SIP ALG
Does anyone know whether or not the SIP ALG on the SRX platform supports a many-to-one NAT traversal setup? The scenario would be to have multiple private IPs initiating SIP calls destined for an...
View ArticleAfter abrupt power loss SRX300 stack in Octeon srx_300_ram# prompt and then...
After abrupt power loss SRX300 stack in Octeon srx_300_ram# prompt.This is happens not only to one unit , it fails almost every time I see this on multiple SRX300. I thought it might be JunOS issue...
View ArticleClik here to view.
problems with voip
Hey guys, first of all -> this is an issue regardin JunOS and ScreenOS i am currently facing a strange problem with VoiP Phones in a company.let me first describe the topology.VoiP-Clients ->...
View ArticleClik here to view.
SRV 1400 (ha cluster) with policy-based VPN to Vyatta FW *need the experts here*
#Output has been sanitized. #Scenario: VPN between Vyatta Firewall and SRX1400 cluster.-VPN type: policy-based (route-based @Vyatta FW not an offering; so not an option as of now)-Pre-Shared Auth-IKE...
View ArticleDestination-nat question on port mapping
Hi, I have a scenarion wherein I need to give access to HP seerver ILO service from the internet. The ILO runs on port 80 or 443 but once inside the ILO there is a remote console option that uses port...
View ArticleIssue with packet processing, SRX 3400
Hi guys, I would like to ask for help solving some on first look - basic issue.My friend got refurbished SRX 3400. Since that firewall was part of a cluster in the past, we have disabled the clustering...
View ArticleSRX IDP - Only log drop action on multiple matches in policy
Hi folks. I am going through a project with IDP on the SRX. While we tune the IDP, there is multiple matches on attacks when in the policy. For instance, I added some XSS attacks to a new rule with an...
View ArticleClik here to view.
Flaky SRX Cluster cycles for no reason; 12.3X48-D45.6; SRX210HE2; vlans w/out...
Hi, folks: Scrarching my head on this one. Have a cluster of 2 x SRX210HE2. Cluter has been only marginally stable for roughly 2 years. Just upgraded to 12.3X48-D45.6 and got motivated to really...
View ArticleSRX not passing syslogs to syslog server
Hey Guys, Hope you can help me. My syslog config looks like this. show system syslog archive size 100k files 3; user * { any emergency; } host 192.168.1.72 { any any; authorization any; daemon any;...
View ArticleJunos Upgradation on SRX 3600 high end device
Hi All,I will be upgrading SRX3600 devices and these devices in High Availability Cluster. We are upgrading from12.1X45-D30 to 12.3X48-D45. We will be using either ISSU or manual upgradation. I just...
View ArticleIssues with Ping Responses for two ISP links
Hello,My customer is having issue with his SRX210. The Issue is that he wants to get ping responses from both the ISP links, but he is able to get ping response from only the active link.He was using...
View ArticleSRX delema: how to route traffic not matching proxy-IDs/encryption domains...
Hi, guys, We have a need to setup IPsec VPN with third-party Cisco IOS by using route-based VPN (long story short, we can not use policy based VPN because of its NAT limitations, we can not do...
View ArticleWhy does it work ?
Hi everyone. I'm testing in my lan 2 srx-220 HIPSEC + GRE + OSPF First I've decide to config IPSEC + OSPF.So there is config on 1 node set security ike proposal IKE_prop description Propor_IKEset...
View ArticleDynamic VPN group and shared IKE-ID
i have read the (understanding group and shared IKE-ID ) explanation on juniper site what i understood is that group IKE-ID allow to configure a single VPN which can be shared by multiple remote...
View Article