Cannot add more than 8 source addresses in security nat?
Hi All, Is there any limitation in SRX5800 chassis cluster setup with Logical System to add more than 8 IP addresses in source address in security nat stanza? I'm looking at this url...
SRX 240 cluster failover reason/date
Hi, We have two SRX boxes in HA. Our primary box had issues, it was not healthy, and we had to do an RMA of that box. I want to check the logs to find out when the failover happened because we got to know on 16...
Diffie Hellman group5
When I say that DH group5 is 1536 bits .... 1) Does that mean that the generated key (session key) is 1536 bits? Or 2) It means that the private key size is 1536 bits (at the beginning each side...
SRX345 switch L2 to L3 commit issues
I tried to switch L2 to L3 and reboot like: set protocols l2-learning global-mode switching then tried a commit check and found: [edit security zones security-zone BT interfaces] 'ge-0/0/0.0' Referenced...
IKE phase 1 main mode
1- Is the proposal sent in messages 1 & 2 in plain text or secured? If secure, how?
IPSec Tunnel Down Reason SA not initiated
Hello community, I am setting up some policy-based IPSec from an SRX220 running [12.1X46-D65.4]. I have a total of 7 tunnels and 4 of them have Phase 1 UP. However, when I checked the command: "show...
show dropped
Is there a command that displays traffic dropped by the SRX? For example, host-inbound traffic for ping is not allowed on the traffic interface and a ping is received ...
VDSL connection for Italian Tim Fibra setting help
Hi, I'm trying to update my configuration on one SRX210 (with VDSL card) for connecting to my FTTC. Here is my conf: version 12.1X46-D55.3; system { host-name JuniperSRX210; time-zone Europe/Rome;...
VPN local & remote identity
Local & remote identity are used to specify the IKE-ID as FQDN, UFQDN, DN, IP address. My question: why under edit security IKE gateway there is: Dynamic option & Remote identity option I see...
NAT keepalive
What is the use of NAT keep-alive in IPSEC VPN? I have searched and it said that it maintains the NAT translation between 2 peers, but I don't understand what that means
Do not use source nat off when deploying site to site vpn
Hi all, Please clarify this circumstance for me. We have the topology with requests like this: Topology: [PC]---[SRX]----------[INTERNET]----------[Different vendor's Firewall]----[SERVER]* In encrypted...
Source NAT pool
Hi all, I have a topology like below: Client x, y, z -------- SRX --------- Internet The SRX device operates source NAT (PAT) pool from Client to access the Internet with IP pool is 111.111.111.0/24 for...
Routing via OSPF as primary route between SRX's not working
Topology: SRX-1 @ Site A ------------------ SRX-2 @ Site B ISP A is terminated at Site A and ISP B terminated at site B with each ISP being backup of other site during failover. Site A...
SRX losing internet connection at random
Hi, Our office internet has been very unstable the past few days. In the past the internet goes down and up, but once the internet comes back up, our SRX100 has connection as well. Our SRX has been...
Where can I get release 12.1X44 for SRX100H2?
I need release 12.1X44-D35.5 for SRX100H2, but I cannot find it in JunOS downloads. I already have that release for SRX110, but I'm not sure if I can use that file for SRX100H2 too...
Source and Destination NAT Translations
Hi all, When to do source and destination NAT translation? It is used for hiding source & destination IP address and deploys one-way direction, doesn't it? Refer configure source and destination NAT:...
Archival-Feature isn't working anymore
Hi all, since we had moved to a new archival-site, the commit-on-transfer isn't working anymore. But this issue only occurs on one SRX (Cluster). The other SRX-Systems are working fine with the new...
Replacing chassis with lab unit that does not have support contract?
Hi all, In the Juniper install base we can just update the component chassis and address location of the chassis. But what if I want to update (replace) the faulty chassis with my lab unit that does not have support...
AppID engine
Does AppID have a separate engine for inspection or does it use the IPS engine for inspection? As I have found, the AppID signature database is part of the IPS signature database
FBF
When implementing policy based routing to connect with 2 service providers > There is no guarantee that the return traffic will come from the same outgoing interface. > How to make sure that return...