Security Policy source-address-excluded
I'm unclear on how to exclude a single IP from a security policy (without creating a duplicate policy with reject). How do I match any IP except for one in a security policy? Is this the correct way to...
SRX 240 - Interface is not authorized for HTTP access
Hi, I have a problem with web-interface configuration. I am not able to connect to web management. Every time I get: Interface is not authorized for HTTP access Device: SRX240 (JUNOS Software Release...
Multiple GRE interfaces not adding routes properly
I have a single "remote" SRX setup with a pair of GRE/IPSec tunnels, each to a different "hub" SRX gateway (i.e. 3 SRX boxes in total in this setup). I'm using GRE so I can send multicast traffic from...
App-Secure
I have a misunderstanding regarding nested applications for sorrow. For example, in AppSecure it keeps saying that Facebook and Twitter are considered nested applications inside HTTP. 1- Does that mean that...
Can we have router on a stick concept in Juniper SRX 340 firewall
Hello, I have got a new requirement from my manager saying that I have to allow two VLANs from the same interface pointing to the firewall. How should I proceed further in this type of situation? I...
GRE Tunnel, MTU problem
Hello, I have the following setup: My network at Location A (Juniper SRX5800) advertises IP Pool #1 after which the downlink traffic for IP Pool #1 is routed to my Location B (Mikrotik) via GRE Tunnel...
SRX to ASA VPN
Hi, fairly new to SRX and ASA! I have an SRX to ASA VPN which seems to work OK until the VPN is logged out on the ASA; the SRX sees it as still established and so won't re-establish it till the below is...
Cannot identify Log message RT_FLOW: FLOW_REASSEMBLE_FAIL: FCB ageout before...
I am showing hundreds of logs showing the following: RT_FLOW: FLOW_REASSEMBLE_FAIL: FCB ageout before all fragments arrive, source 5.6.7.8 destination 1.2.3.4 ipid 7700 The destination address is our...
Repeated log message: chassisd[2237]: Cannot read hw.chassis.startup_time: No...
I am running Junos 15.1X49-D50.3 on an SRX320. In the log messages I am seeing this log message numerous times. chassisd[2237]: Cannot read hw.chassis.startup_time: No such file or directory Does anyone...
SRX user password expiration and history
Does anyone know if you can set the password expiration and track password history (to prevent using the same passwords again) for users in an SRX running 12.x46 Junos? Thanks
Question about SRX-320 syslog syntax
Quick background. I'm a network engineer who has mostly for the last 15 years worked with Cisco stuff. Recently, within the last 2 years, started working with some Juniper SRX gear. Obviously have...
SRX Multiple interfaces same security zone
It's basically the default SRX100B config [load factory default], but I deleted the --- fe-0/0/7 interface to remove ethernet-switching, and make it a true routed interface with an IP of...
IKE gateway configuration lookup failed during negotiation
Hi, I am receiving the error "IKE gateway configuration lookup failed during negotiation" in the kmd-logs. Does anyone know what specifically causes this IKE error? I cannot find the cause of the error...
Transparent mode
What is the use of bridge-domain in transparent mode? Is it to allow communications between different VLANs?
SRX300 Dynamic VPN Phase 1 blocked on some public WiFi - UK
I have an SRX300 running version 15.1X49-D75.5 per current JTAC guidance and have successfully configured a Dynamic VPN gateway. I am using the standard (i.e. non-Juniper custom) NCP Windows and Android...
SRX300 DDNS noip.com
Hello all, I am having difficulty getting noip.com DDNS to work with an SRX300. Am I doing something wrong or is it not possible?
Policy based VPN
Regarding policy based VPN creating individual SAs: is this behavior related to each host or each policy? 1- For example, if I have a subnet on each site, whenever a host initiates traffic to a...
IPSEC
Would someone please explain what is meant by: preshared key is a key for encryption and decryption? The standard is pre-shared key is used for authentication not encryption?
Unable to load config
So I have an SRX110 which I am trying to load my config to using the load override method. When I load the config to the SRX via USB I get the following error: [edit] '<?xml version="1.0"...
SRX-Difference Between static route and traffic-selector.
Hi, I would like to understand the difference between applying a traffic selector in a VPN or applying a static route using the st0.x associated with the security VPN. Scenario: source: 10.10.10.0/24 destination:...