Possible to prioritise BGP keepalive messages ?
By default, SRX sends as best-effort. Is it possible to set the prority to Network control ? I have a qos policy on the outbound, I assume keepalive messages will be subject to this ? Thanks
View ArticleClik here to view.
Multiple site to site vpns
Hi All, Please forgive my newbness, i will most likely be outsourcing this unless i can get on some training but i'm after some confirmation. I need to link 5 facilities together. i was initially...
View ArticleDoes entire session will re-establish back if we change MTU on physical...
Hi all, i have some question and it contridict with what JTAC said to me. Below is the log that appear when i commit the change. During the commit all the session that login (application) has been kick...
View ArticleIs there any hidden command that can verify both cluster synchronize the the...
Hi all, Let's say previously i have setup the chassis cluster. But due to certain issue the Node1 need to be power off almost 3 weeks. So all the updated config on Node0. So when i join back the node 1...
View ArticleClik here to view.
Trouble with double NAT
Hi folks, I have a topology with 2 devices running NAT shown belowthe PC is double NAT before outgoing to the INTERNET. After that, the PC can not access a Web server on the Internet. I have ping test...
View ArticleISIS And new VR Routing Instance
Hi, I am trring to test some new security policies and have configured new zones and VRs.... but the Junos SRX seems to handle it different to the old ScreenOS.... So I cretaed 2 x new VR labelled as...
View ArticleManual failovers too LONG on SRX550 with bdf or lacp
Hi,has anybody some experience on failover duration ? I have a SRX-550M cluster, connected on donwlink side to a (HPE) L3 Switch cluster, in a 'square' architecture : | |SRX1--SRX2 |...
View ArticleIssue with hub and spoke VPN with internet breakout
Hi all,Have got a setup whereby a sattelite site is connected via an IPSEC VPN, routes are exchanged via BGP, the sattelite site has a local internet breakout (Web/Email/DNS traffic picked up by a...
View ArticleLink failure detection
Is there a way to improve the detection of a link failure? If I manually disconnect a fiber, I see the link led up for a second (after the disconnection) and then goes down.Thanks
View ArticleSRX port forwarding - intermittent results
Hello- I have an SRX300 and have created quite a few port forwarding instance. I recently created one it it works intermitently. I am connecting to an NVR with a web browser and I have 2 issues: Going...
View ArticleIssues with ISP when running IPOE
Good Evening I have notice alot of our IPS down here are now running IPOE. The issue is that the SRX thinks everything is ok if there is an upstream issue as it only needs to try every few hours to...
View ArticleI want to create a policy to allow *.cisco.com or cisco.com/uri
I want to create a policy on SRX firewall to allow anything *.cisco.com any uri cisco.com/uri. I would say anything on cisco website but block other websites.for eg....
View ArticleAddress Book and Security Policy
Hello, I just started using a SRX device two days back only. So this might be very newbie question. I am basically trying to create a firewall policy using address-books. I just want to confirm that...
View ArticleWhat are mean Invalidated sessions?
Hi all, May i know the invalidated session refer to what? Is it refer to traffic that drop due to policy deny? or other thing that need to investigate detail? Appreciate any feedback...
View ArticleIP-Monitoring not failing over
I am probing address 4.4.4.4, it shows pass but the history shows failed? Probe name Test Name Address Status ---------------------- --------------- ----------------...
View ArticleNAT configuration
Hello Experts, Can anyone please verify my config if it will satisfy these 2 requirements: 1) Do static NAT translation from 10.10.200.10/11 to 10.10.22.10/11 when traffic flow from trusted to...
View ArticleI am not able to access my protected resources via Dyn VPN from public remote...
Hi There, I am having issue with my dynamic vpn using pulse secure. i am able to connected and getting IP, but not able to ping the resoureces. The starnge is that i cannot even ping my SRX LAN IP as...
View Articlerate-limit for each client in SRX240
I want to introduce a rate-limit (20 Mbps for example) for each client (inside, outside and DMZ) in my juniper SRX240
View ArticleClik here to view.
Jflow COnfiguration on SRX1400
Hi everybody. I'm trying to configure a SRX1400 device in our laboratory to send jflow flow to a collector (nfdump + nfsend in CentOS). This is more or lees the diagram: Jflow packets have to be sent...
View ArticleLicense for SRX Firewall
Hello Experts,I am asked to replace a couple of firewalls with new SRX 345s. I have received the new hardware from the client. But I haven't got any license for the device. Do I need to install any...
View Article