IPSEC phase 2
What is meant by phase 2 is unidirectional? Does it mean that it will create 2 tunnels (each side will have a different SA)?
IPSEC
Why does IKE create just one bidirectional SA & IPSEC create 2 SAs? What is the idea behind that?
Ipsec phase 1
Ike phase is a channel not a tunnel because transmitted traffic is not encapsulated by esp or ah headers, unlike phase 2 which performs encapsulation. 1- Is that correct? 2- does message 5 and 6 are...
cluster ip monitoring vs logical system
Hi All! I would like to set an ip monitoring function in the cluster redundancy group. I found some example about it, but the monitored IP is on a LSYS. Can I set this ip monitoring for an LSYS? Or this...
Diffie Hellman shared key
After exchanging the DH public key and computing the session key, why can the session key itself not be used as a key for encryption and authentication?
SRX240 in flow mode and SIP ALG issue
Hi, we are using a couple of SRX240 to route between sites and on each site we have some SIP applications running. With the SIP ALG enabled we were noticing that packets were being dropped. So after some...
traffic selector
I have read that a single phase 1 can establish multiple phase 2 SAs or VPNs. 1- Is this related to traffic selector or are there other scenarios? 2- When using traffic selector, does it create...
PBR between zones
Hi, I am trying to configure transparent proxy with SRX240 and SQUID. SRX240 is my GW and I want to forward traffic using PBR to SQUID server but it's not working. Here's my related config. LAN...
Best practice migrate NSRP Active/Active to SRX Cluster?
Hi All, If I have a Netscreen cluster active/active and I want to swap/migrate it with an SRX cluster 5800, may I know whether the best practice is active/passive or active/active also. If I setup SRX...
Heuristics
What is heuristics? I found that it is used in AppID to identify encrypted p2p applications.
Static NAT to FQDN for SRX
Hi All, On SRX240 (v12.1x44) - trying to achieve a static NAT using an address-book entry that is a 'dns-name' using FQDN. Policies work fine, but it appears NAT is still not supported for FQDN? Can anyone...
Difference between UTM & IPS
What is the difference between IPS & UTM regardless of web filtering and URL? I see that both of them inspect L7 and protect from attacks and viruses.
DHCP Client sometimes not working properly on juniper SRX210HE2
Hello, we get our static IP per DHCP from our ISP with a very short lease time (5 Minutes), so the IP on interface ge-0/0/0.0 will be replaced very often. Sometimes (one to two times a day) the routing...
SIP ALG impact on SRX performance
Hi community, we are going to enable the SIP ALG on srx5600 firewall. I would like to ask about the following issues: - Impact of enabling the ALG in terms of SRX performance (CPU, etc) - Any...
Syslog for specific firewall rule.
Hi all, we have a permissive rule with an "any any any" applied in our srx, and we would like to remove it. But before, we need to monitor traffic matching this permissive rule at least during one week. How...
SRX per customer bandwidth shaping upload & download
We're migrating from ScreenOS to an SRX1500 as an edge firewall. Each customer will be on their own port/zone and virtual-router. All traffic from each VR to Trust will be natted to a specific NAT IP...
SRX Errors during boot
I recently updated Junos OS to 12.1X46-D40.2 and upon rebooting the device I got new errors in the logs that I have never seen before. These errors show up every time the device is booting up after a...
IPS Install - Source From Interface
Hello, I am having an issue installing the IDP Security-Package. I know what the problem is, but I am not sure how to fix it. I cannot ping anything on the outside from the SRX unless I source the...
HA light Amber
I have an old configured HA in SRX 240 but there is an amber light in HA. It was working well, but the light came on after the electricity went down and came back. Here are some check commands: admin@FE-FW>...
mgd: error: configuration database size limit exceeded
Hi everybody, we currently have a SRX240 on Version 12.1X46-D35.1 and want to upgrade to 12.1X46-D65. However we receive the following error: mgd: error: configuration database size limit...