Configure Question: How to enable PING on Interface link state down
Hi! I can't find it in the cli: Is there a way to get the srx to respond to ICMP packets whether the physical interface is up or down? I know you can achieve this on a CISCO device, but I can't find a...
Order of Operation: Source NAT and Security Policy
Hi everyone, What is the order of operation when it comes to source NAT and Security policy on SRX? Is security policy evaluated first, i.e. PRE NAT SRC IP is taken into consideration or Post NAT...
SRX Destination NAT scenario
Hi everybody, Please consider the following example: SRX A must translate all packets destined to 192.168.200.200 with 10.31.254.17 i.e. destination port remains unchanged, just destination IP needs to...
SSL proxy & SSL offload
SSL proxy: The SRX intercepts at the IP layer, establishes a TCP connection with both the server & the client, exchanges its own certificate with the client and uses the server certificate to...
SRX Security policy for return traffic needed?
Hi everybody. Let's say we have an SRX with two Zones: UNTRUST ZONE, TRUST ZONE. We have a security policy that allows all traffic from Untrust to Trust. Do I need to configure policy to allow return traffic...
SRX as a traditional router
Hi everybody, Let's say we want our SRX to act like a router i.e. no Zone, no security policy, just changing the Flow based forwarding to packet based forwarding will do the trick? Thanks,
IPSEC tunnel St0 creation on SRX
Hi everybody, Let's say we want to establish Route based IPSEC tunnel (site to site) between two SRX, we configured our IKE phase1, Phase2 policies, and bind it to tunnel st0.1 using: Set security ipsec...
Trace option Log file how to delete it?
Hi everybody, Let's say we performed trace option on SRX and all our logs are now in file “tshoot web” set file tshoot_web. This file is in default folder VAR. My question is once we are done with...
Internet on SRX only using public IP addressing
I was given a public block of /29 addresses to use for Internet access. I need to configure it on an SRX220 and want to use the remaining addressing using interfaces on the SRX. I do not want to use...
Is it required to configure re-protect on SRX even I'm not configure IP...
Hi all, If my SRX has no IP address configured on interface lo0, do I still need to configure re-protect to protect the RE? My SRX just uses static route only. Thanks and appreciate any advice.
icmp type 3 code 3 port unreachable when trying to connect to ike (port 500)...
There is an IPSEC tunnel from an SRX240H2 to a Sophos UTM 9. The tunnel is up most of the time but occasionally goes down. And I wonder if the following could be related to the problem. Sometimes, when...
VDSL2 PIM firmware for SRX
Hi, Sorry I'm not a regular poster so I'm hoping I have followed all of the usual protocols. I have recently bought a VDSL2-A PIM for an aging SRX210B running JunOS 12.1. The firmware of the card...
Filter based Forwarding based on other except ip address?
Hi All, Usually I do FBF based on source IP address only. But may I know whether FBF can be done based on the below: a.) Applications b.) AD / User Group c.) Zone d.) Interface. Thanks and appreciate someone...
SRX300 dual isp failover question
Hello all, I have some SRX300 devices at a couple of customers and on all these devices we have failover configured. These customers all have Cable and a DSL connection. Cable is primary and DSL is...
SRX110 12.3X48 (inter alia) dhcp-client client-id is snafu
When client-id is added to an interfaces family inet / dhcp-client, JunOS sends an invalid option 61 in the Discover packet ... (fred on the end is just my test name) Client-ID Option 61, length 16:...
COS question on SRX: Network control traffic and mapped queue
Hi everybody. By default, what queue does SRX use for Network control traffic? What is DSCP value set by SRX for Network control traffic by default? Thanks and have a nice day!!
Configuring Layer 2 Services Over GRE Logical Interfaces in Bridge Domains
Hi, I have an SRX 300 and I am trying to bridge layer 2 data over GRE tunnel. I have found a configuration for MX, but I do not have some of these commands. (bridge under interfaces) I was wondering if...
Aggressive VPN on Billion to SRX 210
Hi All, I have a Juniper SRX 210 that I have many VPN tunnels terminating to, these are all juniper to juniper. I have the need at the moment for a user to connect in via Billion modem, it has do...
srx240, 650 dnat issue
Hi Juniper, I'm having a weird issue on some of the sites, but on a few it does work. We have 2 ISPs in each site and one has default route, one has default route as backup with pref25. We have to dnat one ip...
FLOW_REASSEMBLE_FAIL: FCB ageout before all fragments
Hi, I am also facing the same issues, can anyone help me to resolve these issues? 2017-08-10 15:36:18 user.info ATT-GW RT_FLOW: FLOW_REASSEMBLE_FAIL: FCB ageout before all fragments arrive, source...