address persistent Vs address pooling
what is the difference between address persistent and address pooling ??i see that both of them translate the same address for the same external address for multiple concurrent sessions???
View ArticleUsing fully qualified domain names in security policies - traffic will be drop
Hello, i have a SRX1500 with Junos 15.1X49-D75.5. I created a security policy like this: policy pol_DMZ-MDM_to_Untrust-ISP1_Apple_feedback { match { source-address H_Airwatch-MDM_10.39.198.2;...
View ArticleBasic question about VLANs, IRBs, and routing to the Internet
I am struggling to understand conceptually and put into practice which I should think is a basic function of my SRX router. I have a Juniper SRX-340 cluster running JUNOS 15.1X49-D75.5. I have...
View ArticleDoes it make sense to have IDP monitor both from and to the Internet
I have a security policy - from-zone Internet to-zone Internal application idp Does it make sense to also have a policy - from-zone Internal to-zone Internet?
View ArticleAV Log File
Below is what I am using and the log is full of webfilter hits. Anything that has "av" in the url shows up which turns out to be quite a lot of hits. Below is the config for the filter. What would a...
View ArticleSRX 320 with HP switch - Ethernet switching issue
Hi, I've just encountered a very strange problem with a customers equipment and i was wondering if someone could shed some light. Network Topology is SRX 320 with VDSL 2 Annex B MPIM as the WAN and...
View ArticleCID-2:RT: Error : get sess plugin info 0x62fb2978
Hi All, When I rdp from server vlan to lab vlan, I can get to login screen (port 3389 is opened!). But I get "There are currently no logon servers available to service the logon request". I first...
View Articleirb interface ping loss
HI.. everyoneI have some problem with SRX300 configration. Problem is..irb.0 interface ip 10.47.0.177trust 10.47.0.181 --> 10.47.0.177 ping lossuntrust st0.1 (10.47.0.11) --> 10.47.0.177 ping...
View ArticleSRX 210 Intervlan Routing/Security Policy Issue
Hi, I have an SRX 210 with 3 WAPS and a bridge to another Router which holds the primary internet connection. I want to connect one of the WAPs default IP address through VLAN 100 but cant seem to get...
View ArticleIssue with SSH and ICMP
I have configured two 4100 SRX with Cisco switch with multiple ehternet VLANs across the link. Each VLAN specified individual zone and and subinterfaces. I also configured MGMT interface in-bound using...
View ArticleSRX newbie questions
We have a SRX220H2. I have setup port 5 as 192.168.5.1/24, port 6 as 192.168.6.1/24 and port7 as 192.168.7.1/24 . I hook a device to port 7 and try to ping 192.168.5.1 and can't. We have done all...
View Articleset SRX220 to an 'open' router configuration
If one wants to disable all security on the SRX220 and just have open routed ports, is there some commands to do this? Thx,K-
View ArticleSRX4200 dedicated HA ports
Dear J-community, We are about to migrate from an 5600 cluster to a 4200 based cluster. I have a few questions regarding dedicated HA ports : - Can I bring up both HA ports to provide control-links...
View ArticleIDP modes
The difference between integrated mode and dedicated mode ??is that dedicated mode the IDP will has its own processing resources ( like separete processor )
View ArticleSecurity Zones - Non IP Exposure
I have a problem a number of people must have found a way to resolve. How to set up zones which are also interlinked by non TCP/IP connections. In general terms, from a security zone point of view, I...
View ArticleSRX 240 PPPoE over VPLS
Hi, Wondering if anyone has a working config for a srx 240 to send PPPoE sessions to a M7i via VPLS. The VPLS is set up via a BPG VPN (l2.vpn). All tunnells need to initiate from a device plugged into...
View ArticleAppSec-AppFW-Windows based PC joining Active Directory
Hey, I have installed AppSec licensed on SRX5400, in my working environment there are some Windows-based PCs joining Active Directory (Win 2003-08 Server), I need to restrict PCs by applying the...
View ArticleSRX as Firewall Gateway Route mode
Hi, We are looking at this model SRX550 and SRX1400 for our small-medium size OpenStack data center. We want to find out this model can be configured as the following setupPublic IP rangeExample...
View ArticleThree VPN's, one is not quite right.
I have two Juniper SRX 300's.Each have a VPN to Amazon VPC.I have a VPN between the two SRX.I have setup the following:SRX-A has VPN with Amazon VPC.Resources on local network can access resources in...
View Articlepinging between interfaces
We have disabled security and gone to packet mode. I have configured one interface as 10.0.1.1/24 and another interface as 10.0.2.1/24. I hook a laptop to 10.0.2.1 and give it an ip address of...
View Article