I am deploying an SRX4100 in HA and there is a requirement for logical systems, but I have a limited number of interfaces to use.
I want to know: if the device is in HA and we have a reth interface configured which consists of physical interfaces of both active/passive firewalls, can I use a single reth interface in multiple logical systems by using subinterfaces and VLAN tagging?
↧
I am setting up a static VPN between two firewalls: Juniper SRX650-BASE-SRE6-645AP Services Gateways.
Do all XPIM modules have to match, including the number of ports, or can we have:
#1 SRX650 firewall with 24 ports: Juniper SRX-GP-24GE-POE 24-Port Gigabit PoE
#2 SRX650 firewall with 16 ports: Juniper SRX-GP-16GE-POE 16-Port Gigabit PoE
Would the difference in XPIM port counts be an issue for setting up a VPN between the two SRXs, or do the XPIMs have to match including their number of ports?
↧
↧
October 5, 2020, 10:07 am
Good morning, could you help me with some guidance on my SRX300 configuration? I have 2 PPPoE links, but only the link on port ge-0/0/0 works at its contracted speed; the link on port ge-0/0/1 works at 1/3 of the contracted speed. I have done tests connecting the cable only to port ge-0/0/1, and it takes a few minutes to bring up the physical link, while on the other port the LED indicator shows link immediately. I don't know if I am missing something in the configuration or what else I should check. I am sending part of my equipment's configuration.
My configuration:
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services tftp
set security zones security-zone untrust interfaces pp0.0
set security zones security-zone untrust interfaces pp0.1
set security zones security-zone untrust interfaces ge-0/0/1.1 host-inbound-traffic system-services dhcp
set security zones security-zone untrust interfaces ge-0/0/1.1 host-inbound-traffic system-services tftp
.
.
.
set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 unit 0 description PPPOE_1
set interfaces ge-0/0/0 unit 0 encapsulation ppp-over-ether
set interfaces ge-0/0/0 unit 0 vlan-id 300
set interfaces ge-0/0/1 vlan-tagging
set interfaces ge-0/0/1 unit 1 description PPPOE_2
set interfaces ge-0/0/1 unit 1 encapsulation ppp-over-ether
set interfaces ge-0/0/1 unit 1 vlan-id 300
.
.
set interfaces pp0 unit 0 description CONEXION_PPPOE-1
set interfaces pp0 unit 0 ppp-options chap default-chap-secret XXXXXXXXXXXXXXXXXXXX
set interfaces pp0 unit 0 ppp-options chap local-name XXXXXXXXXXXXXX
set interfaces pp0 unit 0 ppp-options chap passive
set interfaces pp0 unit 0 pppoe-options underlying-interface ge-0/0/0.0
set interfaces pp0 unit 0 pppoe-options idle-timeout 0
set interfaces pp0 unit 0 pppoe-options auto-reconnect 3
set interfaces pp0 unit 0 pppoe-options client
set interfaces pp0 unit 0 family inet mtu 1492
set interfaces pp0 unit 0 family inet negotiate-address
set interfaces pp0 unit 1 description CONEXION_PPPOE-2
set interfaces pp0 unit 1 ppp-options chap default-chap-secret XXXXXXXXXXXXXXXXXXXX
set interfaces pp0 unit 1 ppp-options chap local-name XXXXXXXXXXXX
set interfaces pp0 unit 1 ppp-options chap passive
set interfaces pp0 unit 1 pppoe-options underlying-interface ge-0/0/1.1
set interfaces pp0 unit 1 pppoe-options idle-timeout 0
set interfaces pp0 unit 1 pppoe-options auto-reconnect 3
set interfaces pp0 unit 1 pppoe-options client
set interfaces pp0 unit 1 family inet mtu 1492
set interfaces pp0 unit 1 family inet negotiate-address
.
.
.
set forwarding-options hash-key family inet layer-3
set forwarding-options hash-key family inet layer-4
set routing-options static route 0.0.0.0/0 next-hop pp0.0
set routing-options static route 0.0.0.0/0 next-hop pp0.1
.
.
set routing-options forwarding-table export LOAD-BALANCE
set protocols l2-learning global-mode switching
set policy-options policy-statement LOAD-BALANCE then load-balance per-packet
↧
↧
October 6, 2020, 11:01 am
Hi All
When I try to push the policy from Security Director to an SRX4200 (18.4R3-S2) I receive the error below.
Can someone help?
[Error] Configuration update failed.
Severity : error
At : [edit security idp default-policy]
Message : mgd: Policy must be defined under [security idp idp-policy]
Details : default-policy RMG_DEFAULT_IDP_POLICY
Severity : error
Message : commit failed: (statements constraint check failed)
↧
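The mgd message above states the constraint plainly: a name referenced by `default-policy` has to exist under `[security idp idp-policy]`. As an added example (not from the post, from Security Director, or from Juniper), here is a small Python lint that checks a set-format candidate for exactly that before it is pushed. The config lines are constructed; the per-policy `application-services idp-policy` reference form and the attack group name are assumptions, and the function names are my own.

```python
"""Added example: find IDP policy references in a set-format Junos candidate
that point at a policy not defined under [security idp idp-policy].
Not from the original post or from Juniper; config lines are constructed."""
import re

# Constructed candidate: the push references a default policy but never defines it.
BROKEN_CANDIDATE = """\
set security idp default-policy RMG_DEFAULT_IDP_POLICY
set security policies from-zone trust to-zone untrust policy allow-web match source-address any
set security policies from-zone trust to-zone untrust policy allow-web then permit application-services idp-policy RMG_DEFAULT_IDP_POLICY
"""

# Same candidate with the referenced policy defined.
# "HTTP - Critical" is an assumed predefined attack group name.
FIXED_CANDIDATE = BROKEN_CANDIDATE + """\
set security idp idp-policy RMG_DEFAULT_IDP_POLICY rulebase-ips rule R1 match from-zone any to-zone any application default attacks predefined-attack-groups "HTTP - Critical"
set security idp idp-policy RMG_DEFAULT_IDP_POLICY rulebase-ips rule R1 then action recommended
"""

DEFINITION = re.compile(r"^set security idp idp-policy (\S+)")
REFERENCES = [
    re.compile(r"^set security idp default-policy (\S+)"),
    # Per-security-policy attachment (assumed form for Junos 18.x)
    re.compile(r"application-services idp-policy (\S+)$"),
]


def defined_idp_policies(config):
    """Names that have at least one statement under [security idp idp-policy]."""
    defined = set()
    for line in config.splitlines():
        m = DEFINITION.match(line)
        if m:
            defined.add(m.group(1))
    return defined


def referenced_idp_policies(config):
    """(name, line) for every place an IDP policy is referenced by name."""
    refs = []
    for line in config.splitlines():
        for pattern in REFERENCES:
            m = pattern.search(line)
            if m:
                refs.append((m.group(1), line))
    return refs


def dangling_idp_references(config):
    """References whose target mgd would reject as undefined."""
    defined = defined_idp_policies(config)
    return [(name, line) for name, line in referenced_idp_policies(config)
            if name not in defined]


if __name__ == "__main__":
    for name, line in dangling_idp_references(BROKEN_CANDIDATE):
        print(f"undefined idp-policy {name!r} referenced by: {line}")
```

Run it against the candidate Security Director is about to push; an empty result means the commit will not trip this particular constraint check.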
↧
I have an SRX210 I am working with.
To perform the upgrade to the latest firmware I have to first install 12.1X46-D25.
I have searched all of Juniper.net and can't find a download link. Does anyone know how I can get a copy of the firmware tgz package?
↧
Hi All,
I have a task to configure S2S VPNs using traffic selectors and proxy IDs on almost 10 firewalls.
The customer is asking me to deploy almost 100 traffic selectors and almost 100 proxy IDs in a specific site-to-site VPN.
I suggested summarizing the traffic selectors and proxy IDs into one line, as below:
set security ipsec vpn VPN-A traffic-selector VPN-10 local-ip 10.20.20.0/24 remote-ip 10.30.30.0/24
set security ipsec vpn VPN-B ike proxy-identity local 10.120.120.0/24 remote 10.130.130.0/24
However, the customer doesn't want to do this, because they say that this is one more security layer.
So now I'm concerned about the HIGH CPU utilization and the impact that using almost 100 traffic selectors and 100 proxy IDs would have on the performance of the firewall. Please, could you help me?
Thanks,
João Victor
↧
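As an added example (not part of João Victor's post and not Juniper code), the script below makes the trade-off in that post measurable: what a single summarized prefix would admit through the tunnel beyond the explicit selectors, and how many traffic selectors (on Junos, each configured traffic selector negotiates its own IPsec SA pair) the explicit approach needs. The prefixes are constructed sample data and the function names are my own.

```python
"""Added example: compare explicit per-subnet VPN traffic selectors with a
summarized prefix. Not from the original post; the prefixes are constructed
sample data and the helper names are my own."""
from ipaddress import collapse_addresses, ip_network

# Constructed sample: the narrow, non-overlapping prefixes a customer insists on.
LOCAL_PREFIXES = ["10.20.20.0/26", "10.20.20.64/26", "10.20.20.128/26", "10.20.20.192/26"]
REMOTE_PREFIXES = ["10.30.30.0/25", "10.30.30.128/25"]


def summarize(prefixes):
    """Merge adjacent, aligned prefixes; the result covers exactly the same addresses."""
    nets = [ip_network(p, strict=True) for p in prefixes]
    return [str(n) for n in collapse_addresses(nets)]


def covering_supernet(prefixes):
    """Smallest single prefix that contains every input prefix."""
    nets = [ip_network(p, strict=True) for p in prefixes]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def overreach(prefixes):
    """Addresses a single covering prefix would admit through the tunnel that
    the explicit selectors do not. Zero means summarizing loses nothing.
    Assumes the input prefixes do not overlap each other."""
    explicit = sum(ip_network(p, strict=True).num_addresses for p in prefixes)
    return covering_supernet(prefixes).num_addresses - explicit


def selector_pairs(local, remote):
    """One Junos traffic-selector (and one IPsec SA pair) per local/remote pair."""
    return [(l, r) for l in local for r in remote]


if __name__ == "__main__":
    explicit = selector_pairs(LOCAL_PREFIXES, REMOTE_PREFIXES)
    summarized = selector_pairs(summarize(LOCAL_PREFIXES), summarize(REMOTE_PREFIXES))
    print(f"explicit selectors: {len(explicit)}, summarized: {len(summarized)}")
    print(f"local overreach: {overreach(LOCAL_PREFIXES)} addresses")
    print(f"non-contiguous overreach: {overreach(['10.20.20.0/26', '10.20.20.128/26'])} addresses")
```

If `overreach` is zero for both sides, the summary is a pure SA-count reduction and the "extra security layer" argument does not apply; a non-zero result is the concrete set of addresses the customer would be opening by summarizing.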
Hi everyone,
I configured one of my ports with multiple VLANs and a native VLAN.
I'm now trying to configure the JDHCP service, but whatever I do, all my VLANs receive the native VLAN DHCP scope. I checked some earlier posts here, and it looks like my config is the same.
What am I missing?
Junos: 18.4R3-S4.2
...<interfaces>
ge-0/0/1 {
    flexible-vlan-tagging;
    native-vlan-id 1;
    unit 0 {
        vlan-id 1;
        family inet {
            address 172.16.1.1/24;
        }
    }
    unit 2 {
        vlan-id 2;
        family inet {
            address 172.16.2.1/24;
        }
    }
}
...<system services>
dhcp-local-server {
    group internal {
        interface ge-0/0/1.0;
    }
    group guest-pool {
        interface ge-0/0/1.2;
    }
}
...<access address-assignments>
pool internal-pool {
    family inet {
        network 172.16.1.0/24;
        range range1 {
            low 172.16.1.20;
            high 172.16.1.200;
        }
        dhcp-attributes {
            name-server {
                172.16.1.1;
            }
            router {
                172.16.1.1;
            }
        }
    }
}
pool guest-pool {
    family inet {
        network 172.16.2.0/24;
        range guest-pool-2-24 {
            low 172.16.2.20;
            high 172.16.2.40;
        }
        dhcp-attributes {
            name-server {
                1.1.1.1;
                8.8.8.8;
            }
            router {
                172.16.2.1;
            }
        }
    }
}
↧
Hi there. I have an issue with the RPM probe-results history. How do I clear the history probe results? I've been searching but I can't find any solution. Maybe a hidden command, or does only deactivate/activate work?
↧
↧
If I cluster 2 SRX300s, will the memory usage increase in any way? The most desirable would be 8 GB. Does this happen?
Are there any other benefits in terms of memory utilization when clustering SRX boxes?
All comments are welcome.
↧
October 11, 2020, 11:31 pm
Hi,
We deployed SRX5800s in chassis-cluster mode.
1. Static routes are not functioning on the passive FW.
2. The GW next-hop is reachable.
3. But on the active FW the static routes are working fine.
Please find the configuration below:
root@KL-CL3-P> show configuration routing-options
static {
    route XX.XX.83.64/26 next-hop XX.XX.8.129;
    route XX.XX.10.13/32 next-hop XX.XX.8.129;
    route XX.XX.7.0/27 next-hop XX.XX.8.129;
    route XX.XX.10.5/32 next-hop XX.XX.8.129;
    route XX.XX.45.96/27 next-hop XX.XX.8.129;
    route XX.XX.225.0/24 next-hop XX.XX.8.129;
    route XX.XX.76.104/29 next-hop XX.XX.8.129;
    route XX.XX.15.0/24 next-hop XX.XX.8.129;
}
{secondary:node1}
root@KL-CL3-P> ping XX.XX.8.129
PING XX.XX.8.129 (XX.XX.8.129): 56 data bytes
64 bytes from XX.XX.8.129: icmp_seq=0 ttl=64 time=0.562 ms
^C
--- XX.XX.8.129 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.562/0.562/0.562/0.000 ms
{secondary:node1}
root@KL-CL3-P> traceroute XX.XX.76.105
traceroute to XX.XX.76.105 (XX.XX.76.105), 30 hops max, 40 byte packets
1 * * *
2 * * *
3 * * *
^C
{secondary:node1}
root@KL-CL3-P>
↧
October 12, 2020, 2:18 am
Not sure what is wrong with my configuration.
I can't figure out why vlan.2 (irb.2) on port ge-1/0/3.0 provides a different IP range instead of 192.168.2.1/24.
Could anyone please point me in the right direction?
@srx-a> show chassis firmware
node0:
--------------------------------------------------------------------------
Part Type Version
FPC O/S Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
FWDD O/S Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
node1:
--------------------------------------------------------------------------
Part Type Version
FPC O/S Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
FWDD O/S Version 18.4R3-S4.2 by builder on 2020-06-25 16:43:08 UTC
@srx-a> show vlans
Routing instance VLAN name Tag Interfaces
default-switch default 1
ge-0/0/3.0
reth0.0
default-switch vlan.2 2
ge-1/0/3.0
default-switch vlan.5 5
reth0.0
@srx-a# show security zones security-zone trust
address-book {
    address LAN1-network 192.168.1.0/24;
    address LAN2-network 192.168.2.0/24;
}
host-inbound-traffic {
    system-services {
        all;
    }
    protocols {
        all;
    }
}
interfaces {
    irb.2 {
        host-inbound-traffic {
            system-services {
                all;
            }
            protocols {
                all;
            }
        }
    }
    irb.1;
    irb.5;
}
@srx-a# run show interfaces terse irb
Interface Admin Link Proto Local Remote
irb up up
irb.1 up down inet 192.168.1.1/24
irb.2 up down inet 192.168.2.1/24
irb.5 up down inet 192.168.5.1/24
@srx-a# show system services dhcp-local-server
group jdhcp-group {
    interface fxp0.0;
    interface irb.1;
    interface irb.2;
    interface irb.5;
    interface reth0.0;
}
@srx-a# show interfaces
ge-0/0/3 {
    description ADMIN-LOCAL-SRX-A;
    unit 0 {
        family ethernet-switching {
            vlan {
                members default;
            }
        }
    }
}
ge-0/0/4 {
    description WAN;
    gigether-options {
        redundant-parent reth1;
    }
}
ge-0/0/5 {
    description LAN;
    gigether-options {
        redundant-parent reth0;
    }
}
ge-1/0/3 {
    description ADMIN-LOCAL-SRX-B;
    unit 0 {
        family ethernet-switching {
            vlan {
                members vlan.2;
            }
        }
    }
}
ge-1/0/4 {
    description WAN;
    gigether-options {
        redundant-parent reth1;
    }
}
ge-1/0/5 {
    description LAN;
    gigether-options {
        redundant-parent reth0;
    }
}
fab0 {
    fabric-options {
        member-interfaces {
            ge-0/0/2;
        }
    }
}
fab1 {
    fabric-options {
        member-interfaces {
            ge-1/0/2;
        }
    }
}
irb {
    unit 1 {
        family inet {
            address 192.168.1.1/24;
        }
    }
    unit 2 {
        family inet {
            address 192.168.2.1/24;
        }
    }
    unit 5 {
        family inet {
            address 192.168.5.1/24;
        }
    }
}
reth0 {
    description LAN;
    redundant-ether-options {
        redundancy-group 1;
    }
    unit 0 {
        family ethernet-switching {
            interface-mode trunk;
            vlan {
                members [ default vlan.5 ];
            }
        }
    }
}
@srx-a# show access
address-assignment {
    pool DHCPvlan1 {
        family inet {
            network 192.168.1.0/24;
            range junosRange {
                low 192.168.1.50;
                high 192.168.1.254;
            }
            dhcp-attributes {
                maximum-lease-time 3600;
                router {
                    192.168.1.1;
                }
            }
        }
    }
    pool DHCPvlan2 {
        family inet {
            network 192.168.2.0/24;
            range junosRangeB {
                low 192.168.2.50;
                high 192.168.2.254;
            }
            dhcp-attributes {
                maximum-lease-time 3600;
                router {
                    192.168.2.1;
                }
            }
        }
    }
    pool DHCP-CLIENT {
        family inet {
            network 192.168.5.0/24;
            range RANGE-CLIENT {
                low 192.168.5.50;
                high 192.168.5.254;
            }
            dhcp-attributes {
                maximum-lease-time 3600;
                name-server {
                    8.8.8.8;
                    8.8.4.4;
                }
                router {
                    192.168.5.1;
                }
            }
        }
    }
    pool junosDHCPPool-FXP0 {
        family inet {
            network 10.1.1.0/24;
            range junosRange-FXP0 {
                low 10.1.1.50;
                high 10.1.1.254;
            }
            dhcp-attributes {
                router {
                    10.1.1.1;
                    10.1.1.2;
                }
                propagate-settings fxp0.0;
            }
        }
    }
}
PC with Linux OS
srx-a# run monitor traffic interface ge-0/0/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/3, capture size 96 bytes
22:50:11.468288 Out IP truncated-ip - 259 bytes missing! [|ip]
Reverse lookup for 0.0.0.0 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
22:50:11.474052 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
22:50:11.661977 Out IP truncated-ip - 259 bytes missing! [|ip]
22:50:13.266879 In arp who-has 192.168.1.1 tell 192.168.1.50
22:50:13.267047 Out arp reply 192.168.1.1 is-at 10:39:XX:XX:XX:XX
@srx-a# run show dhcp server binding
IP address Session Id Hardware address Expires State Interface
192.168.1.50 25 c8:5b:XX:XX:XX:XX 3571 BOUND irb.1
@srx-a# run monitor traffic interface ge-1/0/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-1/0/3, capture size 96 bytes
Reverse lookup for 0.0.0.0 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
22:50:54.745038 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
22:50:54.883732 Out IP truncated-ip - 259 bytes missing! [|ip]
22:50:54.905072 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
22:50:55.065738 Out IP truncated-ip - 259 bytes missing! [|ip]
22:50:55.275156 In arp who-has 192.168.1.1 tell 192.168.1.52
22:50:56.284870 In arp who-has 192.168.1.1 tell 192.168.1.52
22:50:57.304646 In arp who-has 192.168.1.1 tell 192.168.1.52
22:50:58.333897 In arp who-has 192.168.1.1 tell 192.168.1.52
22:50:59.353839 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:00.373496 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:01.039329 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:01.403045 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:01.938851 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:02.422659 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:02.738574 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:03.438055 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:03.452054 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:04.038283 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:04.471963 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:04.937928 Out arp who-has 192.168.2.51 tell 192.168.2.1
22:51:05.491711 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:06.521285 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:07.540812 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:08.570413 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:09.600210 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:10.619834 In arp who-has 192.168.1.1 tell 192.168.1.52
22:51:11.639451 In arp who-has 192.168.1.1 tell 192.168.1.52
@srx-a# run show dhcp server binding
IP address Session Id Hardware address Expires State Interface
192.168.1.50 25 c8:5b:XX:XX:XX:XX 3499 BOUND irb.1
192.168.1.52 26 c8:5b:XX:XX:XX:XX 3543 BOUND irb.2 <<<<<<<<<< WRONG IP
@srx-a# clear arp
@srx-a# clear dhcp server binding all
Same PC with Windows OS
@srx-a# run monitor traffic interface ge-0/0/3
verbose output suppressed, use <detail> or <extensive> for full protocol decode
Address resolution is ON. Use <no-resolve> to avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on ge-0/0/3, capture size 96 bytes
22:56:04.123928 In
Reverse lookup for 169.254.159.139 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Use <no-resolve> to avoid reverse lookups on IP addresses.
22:56:04.329569 In arp who-has 169.254.159.139 tell 169.254.159.139
22:56:07.142360 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
22:56:07.307931 Out IP truncated-ip - 269 bytes missing! [|ip]
22:56:07.310846 In IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request [|bootp]
22:56:07.516481 Out IP truncated-ip - 269 bytes missing! [|ip]
22:56:07.551700 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:07.841640 In arp who-has 192.168.5.51 tell 0.0.0.0
22:56:07.949364 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:08.334157 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:08.828511 In arp who-has 192.168.5.51 tell 0.0.0.0
22:56:09.328991 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:09.835790 In arp who-has 192.168.5.51 tell 0.0.0.0
22:56:10.589068 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:10.835527 In arp who-has 192.168.5.51 tell 192.168.5.51
22:56:11.338584 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:11.833592 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:12.330011 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:13.338314 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:13.400804 In arp who-has 192.168.5.1 tell 192.168.5.51
22:56:14.338277 In arp who-has 192.168.5.1 tell 192.168.5.51
@srx-a# run show dhcp server binding
IP address Session Id Hardware address Expires State Interface
192.168.5.51 27 c8:5b:XX:XX:XX:XX 3479 BOUND irb.1 <<<<<<<<<<<<<< WRONG IP
↧
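The two `WRONG IP` markers in the post above are a lease whose address is not in the subnet of the IRB it was bound on. As an added example (not from the poster and not Juniper code), here is a Python check that cross-references `show interfaces terse irb` with `show dhcp server binding` and lists every such binding, so this can be caught from the CLI output rather than by reading ARP captures. The two outputs below are constructed samples modeled on the post (the MAC addresses are placeholders) and the function names are my own.

```python
"""Added example: flag DHCP bindings that fall outside the serving IRB subnet.
Not from the original post; inputs are constructed samples modeled on the
post's 'show' outputs, and the MAC addresses are placeholders."""
from ipaddress import ip_address, ip_interface

# Constructed sample of 'show interfaces terse irb'
IRB_TERSE = """\
Interface  Admin Link Proto Local           Remote
irb        up   up
irb.1      up   down inet  192.168.1.1/24
irb.2      up   down inet  192.168.2.1/24
irb.5      up   down inet  192.168.5.1/24
"""

# Constructed sample of 'show dhcp server binding' (MACs are placeholders)
BINDINGS = """\
IP address    Session Id  Hardware address   Expires  State  Interface
192.168.1.50  25          c8:5b:00:00:00:01  3499     BOUND  irb.1
192.168.1.52  26          c8:5b:00:00:00:02  3543     BOUND  irb.2
192.168.5.51  27          c8:5b:00:00:00:03  3479     BOUND  irb.1
"""


def parse_irb_subnets(terse_output):
    """Map each L3 IRB unit to its connected subnet."""
    subnets = {}
    for line in terse_output.splitlines():
        cols = line.split()
        # Only rows carrying an inet address: name admin link proto local [remote]
        if len(cols) >= 5 and cols[3] == "inet":
            subnets[cols[0]] = ip_interface(cols[4]).network
    return subnets


def parse_bindings(binding_output):
    """Return (ip, interface) for every lease in BOUND state."""
    leases = []
    for line in binding_output.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) >= 6 and cols[4] == "BOUND":
            leases.append((ip_address(cols[0]), cols[5]))
    return leases


def mismatched_bindings(terse_output, binding_output):
    """(ip, interface, expected_subnet) for leases outside their interface's subnet."""
    subnets = parse_irb_subnets(terse_output)
    bad = []
    for ip, iface in parse_bindings(binding_output):
        expected = subnets.get(iface)
        if expected is None or ip not in expected:
            bad.append((str(ip), iface, str(expected)))
    return bad


if __name__ == "__main__":
    for ip, iface, expected in mismatched_bindings(IRB_TERSE, BINDINGS):
        print(f"{ip} bound on {iface}, but that interface serves {expected}")
```

Paste the real outputs into the two strings (or read them from files) and an empty result means every lease was handed out from the pool that matches its interface's subnet.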
October 13, 2020, 2:58 am
Hi everyone
I have Juniper SRX 240, JUNOS 12.1X44-D35.5
I am experiencing high interface loads. In this case, the data plane CPU is above 90%. How can I see who is using the most traffic? How can I see the interface load per source/destination IP?
Thank you!
↧
↧
October 13, 2020, 7:05 pm
Guys, how are you? I don't know if this is the right place; if not, I'm sorry.
I have an SRX240H2 and I know that it no longer receives updates and is at the end of its life. I need to configure UTM Web Filtering; could someone help me? I have an SRX300 available. Do you recommend replacing the SRX240H2 with the SRX300?
On my local network today I have approximately 80 users.
I need help. Thank you, friends.
↧
October 14, 2020, 5:01 am
Hi there,
I need to assign a public IP to a server. I have a /29 public range and use NAT for other servers, but this one must be accessed by its public IP address without NAT, in an internal/trust zone, from the untrust/external zone. How do I set it up? Is it possible?
Thank you.
/Carsten
↧
October 14, 2020, 6:49 am
Hi all,
I am struggling with a source NAT rule.
I have the following config for the outgoing interface:
interfaces ge-0/0/1
    flexible-vlan-tagging;
    native-vlan-id 10;
    unit 0 {
        vlan-id 10;
        family inet {
            address 172.29.1.1/24;
            address 172.29.2.1/24;
            address 172.29.3.1/24;
        }
    }
I use the following rules for source NAT:
rule-set vpn-mgt {
    from zone vpn;
    to zone mgt;
    rule snat-vpn-mgt {
        match {
            source-address 0.0.0.0/0;
        }
        then {
            source-nat {
                interface;
            }
        }
    }
}
We do see translation happen, but to the wrong IP address.
If we try to ping 172.29.2.2 we get the IP 172.29.1.1 from the interface.
Can this be solved, or do I have to use address pools instead?
Yours sincerely,
↧
October 14, 2020, 9:00 am
Hi all,
I have something weird on an SRX5800 cluster and I'm not sure whether it is normal or not. I have one server that has "destination NAT" configured to it. The IP segment for the destination NAT is not the same as the source NAT interface IP.
When I ping from the server itself to a destination in a different zone, it uses the "destination NAT" IP instead of the "source NAT" interface IP, which it supposedly must use. I can see it when I execute the command "show security flow session source-prefix". Is it normal due to having destination NAT, or is it not normal?
Thanks and appreciate any feedback.
↧
↧
October 14, 2020, 12:43 pm
Greetings friends, has anyone configured Cisco Umbrella on the Juniper SRX345 or SRX240?
↧
October 15, 2020, 7:39 am
Hello,
Is it possible to send remote syslog messages with TLS encryption to a remote syslog server like rsyslog?
Does anyone have any configuration examples for this? So far I have only been able to find examples where the SRX is collecting the logs.
↧
October 16, 2020, 3:50 am
↧
October 16, 2020, 8:30 am
I'm working to get security alerts set up between an SRX340 and the EventLog Analyzer SIEM.
I've been getting alerts that look like this:
Alert Name : Default Threat,Event Name : Application Access Update,Message : Malicious Source(s) detected : 94.229.72.116
Log Message :
APPTRACK_SESSION_VOL_UPDATE: AppTrack volume update: xx.xx.1.93/64280->94.229.72.116/443 junos-https UNKNOWN UNKNOWN xxx.xxx.xxx.xxx/16925->94.229.72.116/443 source-nat-rule N/A 6 Managers trust untrust 57738 1(52) 0(0) 0 N/A N/A No ,Alert Severity : Critical
Actually, the recorded alert in the SIEM database starts with RT_FLOW.
For reference, from juniper.net:
APPTRACK_SESSION_VOL_UPDATE [user@host.1.1.1.2.129 source-address="4.0.0.1" source-port="33040" destination-address="5.0.0.1" destination-port="80" service-name="junos-http" application="HTTP" nested-application="FACEBOOK-SOCIALRSS" nat-source-address="4.0.0.1" nat-source-port="33040" nat-destination-address="5.0.0.1" nat-destination-port="80" src-nat-rule-name="N/A" dst-nat-rule-name="N/A" protocol-id="6" policy-name="permit-all" source-zone-name="trust" destination-zone-name="untrust" session-id-32="28" packets-from-client="371" bytes-from-client="19592" packets-from-server="584" bytes-from-server="686432" elapsed-time="60" username="user1" roles="DEPT1" encrypted="No" destination-interface-name="st0.0" category="Web" sub-category="Social-Networking"]
So, where does the "Alert Severity : Critical" come from and why? And where does "Malicious Source(s)" come from and why?
↧
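As an added example (not part of the post above and not Juniper or SIEM vendor code), the script below parses both renderings of APPTRACK_SESSION_VOL_UPDATE that appear in that post, the SIEM's positional line and the structured-data form from the Juniper reference, into one dictionary of the same field names, and reports which names the record itself does not carry. The sample lines are constructed with documentation addresses, the positional field order is inferred from the structured form, and the function names are my own.

```python
"""Added example: parse the two APPTRACK_SESSION_VOL_UPDATE renderings seen in
the post into one field dictionary. Not from the original post or from Juniper;
the sample lines are constructed and the positional field order is inferred
from the structured form."""
import re

# Constructed positional sample, modeled on the SIEM line in the post.
SIEM_LINE = (
    "APPTRACK_SESSION_VOL_UPDATE: AppTrack volume update: "
    "192.0.2.93/64280->198.51.100.116/443 junos-https UNKNOWN UNKNOWN "
    "203.0.113.5/16925->198.51.100.116/443 source-nat-rule N/A 6 Managers "
    "trust untrust 57738 1(52) 0(0) 0 N/A N/A No"
)

# Constructed structured sample, modeled on the juniper.net reference line
# (including its curly quotes around the last two values).
STRUCTURED_LINE = (
    'APPTRACK_SESSION_VOL_UPDATE [user@host.1.1.1.2.129 source-address="192.0.2.1" '
    'source-port="33040" destination-address="198.51.100.1" destination-port="80" '
    'service-name="junos-http" application="HTTP" nested-application="FACEBOOK-SOCIALRSS" '
    'nat-source-address="192.0.2.1" nat-source-port="33040" protocol-id="6" '
    'policy-name="permit-all" source-zone-name="trust" destination-zone-name="untrust" '
    'packets-from-client="371" bytes-from-client="19592" encrypted="No" '
    'destination-interface-name=\u201dst0.0\u201d category=\u201d Web\u201d]'
)

# Field order of the positional form, assumed to follow the structured form.
POSITIONAL_FIELDS = [
    "source-address", "source-port", "destination-address", "destination-port",
    "service-name", "application", "nested-application",
    "nat-source-address", "nat-source-port", "nat-destination-address", "nat-destination-port",
    "src-nat-rule-name", "dst-nat-rule-name", "protocol-id", "policy-name",
    "source-zone-name", "destination-zone-name", "session-id-32",
    "packets-from-client", "bytes-from-client", "packets-from-server", "bytes-from-server",
    "elapsed-time", "username", "roles", "encrypted",
]

_KV = re.compile(r'([\w-]+)="([^"]*)"')


def _split_endpoints(token):
    """'a/p->b/q' -> [a, p, b, q]"""
    src, dst = token.split("->")
    return src.split("/") + dst.split("/")


def _split_counter(token):
    """'1(52)' -> ['1', '52']  (packets, bytes)"""
    return token.rstrip(")").replace("(", " ").split()


def parse_positional(line):
    """Parse the space-separated rendering the SIEM stored."""
    tokens = line.split("AppTrack volume update:", 1)[1].split()
    values = (_split_endpoints(tokens[0]) + tokens[1:4] + _split_endpoints(tokens[4])
              + tokens[5:12] + _split_counter(tokens[12]) + _split_counter(tokens[13])
              + tokens[14:18])
    if len(values) != len(POSITIONAL_FIELDS):
        raise ValueError(f"unexpected token count {len(values)}")
    return dict(zip(POSITIONAL_FIELDS, values))


def parse_structured(line):
    """Parse the key="value" structured-data rendering; tolerates curly quotes."""
    normalized = line.replace("\u201c", '"').replace("\u201d", '"')
    return {k: v.strip() for k, v in _KV.findall(normalized)}


def parse_apptrack(line):
    """Dispatch on the two renderings; both yield the same field names."""
    if "AppTrack volume update:" in line:
        return parse_positional(line)
    return parse_structured(line)


def fields_not_in_log(parsed, names=("severity", "threat", "reputation")):
    """Names the APPTRACK record itself does not carry (as a key or key fragment),
    so any such value on the alert was assigned downstream of the log."""
    return [n for n in names if not any(n in key for key in parsed)]


if __name__ == "__main__":
    for sample in (SIEM_LINE, STRUCTURED_LINE):
        fields = parse_apptrack(sample)
        print(fields["source-address"], "->", fields["destination-address"],
              "policy", fields["policy-name"], "missing:", fields_not_in_log(fields))
```

Running it on both samples gives the same keys from either rendering, and `fields_not_in_log` returns all three names for both, which is the part of the question the log itself can answer: the record carries endpoints, NAT, policy and counters, but no severity or threat-list field.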
↧
October 19, 2020, 12:07 pm
I've got an SRX1500 and an SRX320 in an SD-WAN POC.
The 1500 is configured for local breakout and has a breakout policy configured for the internet tag. The 320 connects to it fine as a spoke, and there is a permit firewall policy between a created Department to which both SRXs' directly connected LAN segments are connected.
Clients on the 320 can successfully break out to the internet via the 1500. However, local clients on the 1500 can't: the directly connected subnet's gateway (the 1500) advises there is no route to host.
Also, clients on either subnet cannot ping each other despite being part of the same Department. Has anyone come across this before? I'm relatively new to Juniper and brand new to SD-WAN, so I'm not too sure where to start. I've tried some tracerouting/pinging via the various VRFs that have been created, but I'm not too sure which one is the one I need to test!
↧
October 20, 2020, 12:55 am
Hi juniper
If I need the SRX to log the mapping of AD users to IP addresses, does the user have to be joined to AD?
↧
October 20, 2020, 9:35 pm
Can someone tell me the maximum number of multicast routes supported by the SRX5800?
↧
October 21, 2020, 11:32 pm
Hi,
I have a VLAN (WIFI) 192.168.20.0/24 with a lot of Wi-Fi user devices in it (phones, laptops, etc.); in the same network there is a Wi-Fi controller with the address 192.168.20.x.
Clients are connected to one SRX port (0/13).
The controller is on SRX port (0/14).
Is it possible to block communication so that clients on the WIFI network cannot reach the controller's (management) address on ports 443 and 8443?
↧
↧
October 22, 2020, 6:32 am
Please help me identify what look like 2 memory/flash cards on the SRX-GP-16GE-POE board.
This SRX-GP-16GE-POE 16-port (711-062271) was purchased and came without the 2 cards.
See the image attached (arrows pointing).
What are they and what is their part number?
Thanks in advance.
↧
October 22, 2020, 9:45 pm
Good day,
I am reading different posts on the internet and confusion reigns over the exact sequence for rebooting an SRX cluster when updating the SRX software, and whether "no-validate" should be used.
Please help clear the confusion: should the SRX cluster be rebooted all at once when updating the SRX software, or should the primary be rebooted first?
Will using "no-validate" cause any issues, or should it be allowed to validate?
thank you.
↧
October 23, 2020, 1:26 pm
I cannot open an SFTP session or SSH to the fxp0.0 interface. I can ping it. I looked in the logs and I don't see that it is being blocked. Is there something I am missing?
↧
October 23, 2020, 4:58 pm
Guys, how are you? I would like help with the Juniper SRX300: is there a possibility to save or create a log of all the sites that are accessed, collecting the IP of the local machine?
I have an SRX300, but it does not have the web filtering license. I created a rule to block everything and in UTM I created a list with only a few sites allowed. The idea would be to record which sites were accessed and from which IP.
Thank you.
↧
↧
October 24, 2020, 3:58 pm
Hey everyone.
Adobe has been issuing warnings in its Adobe Flash updates. Chrome and Firefox have been showing a warning whenever I head over to a site that uses Flash. What's more, Google has had a "Goodbye to Flash in Chrome" blog post published for some time.
Basically, Flash is going to be deprecated sometime in December 2020.
Is there a timeline for when Juniper will update J-Web to support HTML5? The last firmware update we received still required Flash for the dashboard view and charts throughout the GUI.
Thanks.
↧
October 24, 2020, 11:42 pm
I want to know, if we create multiple logical systems on an SRX4100, whether it is mandatory to define a security profile for each user logical system as well as for the master logical system.
What will happen if I don't create a security profile? Will the resources of the device be shared among all logical systems?
Thanks
↧
October 25, 2020, 8:04 am
Hey Guys,
I'm facing an issue with the control link after clustering SRX1500s. As per my understanding, chassis clustering and the RGs are working fine. I can see em0 in the Up state, but em1 is not reflected in the output (snapshot attached).
If I go for node redundancy by reloading node0, I end up with a complete outage 😞
Requesting you to please look into it and suggest as quickly as you can.
↧
October 25, 2020, 9:02 am
Hello everyone, is everything good?
What do you use to manage multiple Juniper devices?
I have 30 branches using the same SRX300 equipment; however, it is very laborious to change a configuration on all of them. I have to access them one by one.
↧
↧
October 26, 2020, 10:37 am
hi all
I've got my exam this week; if you have any last-minute study material, please let me know.
↧
October 27, 2020, 12:20 am
I have an application which continues to send traffic between the source and destination as long as the current session is not interrupted. This application was running using an any-any rule between 2 zones. Due to some security concerns the rule was deleted 6 months ago. All of a sudden one day the service owner came and told us that the application is not working. On checking we found that the policy was not in place. We installed a new policy and the issue got fixed. Even the application logs say that the communication stopped only recently, i.e. after 6 months.
Question: If we remove a policy for which an existing session with continuous traffic exists, will the existing session be removed or not? If it is not removed, do we need to manually clear the existing sessions?
↧
October 27, 2020, 5:51 am
SRX345 with Junos 15.1X49-D170.4
I have a setup with a VPN tunnel on the external interface (ge-0/0/8.0). This is working fine. Now I want to set up a second tunnel to a different customer. I created a second IKE gateway.
IKE gateway for the existing tunnel (the remote is behind a dynamic-IP provider):
gateway IKE-GW-VSE {
    ike-policy IKE-POL;
    dynamic hostname srx345-e16;
    dead-peer-detection {
        always-send;
        interval 15;
        threshold 3;
    }
    external-interface ge-0/0/8.0;
    version v2-only;
}
Now the gateway for the new tunnel:
gateway IKE-GW-JMU {
    ike-policy IKE-POL-JMU;
    address 1.2.3.4;
    dead-peer-detection {
        always-send;
        interval 15;
        threshold 3;
    }
    local-identity key-id keylocal;
    remote-identity key-id keyremote;
    external-interface ge-0/0/8.0;
    version v2-only;
}
I now expect incoming calls from 1.2.3.4 for ID keylocal, coming from the remote host with remote key keyremote, to go to IKE gateway IKE-GW-JMU. However, the trace shows:
[Oct 27 13:17:46]iked_pm_dynamic_gw_local_addr_based_lookup: Found gateway matching local addr IKE-GW-VSE for remote dynamic peer, sa_cfg[VSE-PT]
So the incoming call is associated with the wrong IKE gateway. Obviously no SA is established.
How do I handle this situation?
Thanks for your help
↧
October 27, 2020, 3:13 pm
Howdy, I see this has come up a few times in the past, and some have had success following the previously documented steps, but I have not. This is an eBay-purchased device and was supposed to kick off my collection of Juniper equipment to learn on. Obviously JTAC is not an option.
The SRX240H2 appears functional: I have link lights on the ge ports when I plug something in, so without actual testing it "looked" OK. However, going through the setup process, I found that the Ethernet ports are not passing any data at all, just making an electrical connection.
I consoled into the device and only the "internal" interfaces are showing, no ge- interfaces at all. Attempting to do a 'show chassis hardware' (and pretty much most other commands under 'show chassis') returns "error: the chassis-control subsystem is not running". I have followed the steps below, previously suggested in another post by ScreenJun, with zero success. I have a return pending for the item but wanted to give it one last go to get it running, as it was a great value.
Assist to confirm/execute the following steps to recover:
1. Confirm if any configuration is on the box using {show configuration}
2. If yes, delete & execute: show chassis hardware
3. If the result of 2 is -ve, execute "restart chassis-control immediately"
4. Execute: show chassis hardware
5. If the result of 4 is -ve, execute "request system zeroize". [You need console access as it would wipe all info on the device including logs.]
6. Upon restart, execute: show chassis hardware
7. If the result of 6 is -ve, reinstall the firmware version.
Logs indicate that the system tries to restart chassis-control, which appears to spawn security-intelligence and l2cpd-services, but every time it fails with "chassis-control ... terminated by signal number 13!". Signal 13 is SIGPIPE, which indicates the process died while trying to send data to another process it had spawned. This pattern repeats three times and then it gives up due to 'thrashing'.
Any other suggestions that might recover this prior to shipping it back to the seller?
↧
↧
October 29, 2020, 3:55 am
Hi, I'm a newbie and I'm learning all the time 🙂 I have the SRX240H. Is it possible to somehow set DHCP to provide ONLY the addresses entered in static bindings?
Scenario: there are access points (Wi-Fi) on one of the VLANs, and I would like only the addresses entered into the static bindings to be obtainable from DHCP, so that nobody who is not entered there would receive an address and access to the Internet (not known in RADIUS).
Can you give me a hint?
↧
October 29, 2020, 4:40 am
I have the SRX240H. I would like to create one Wi-Fi VLAN to which the access points will be connected. But since students, staff and teachers will connect via Wi-Fi, I would like to separate them somehow in order to be able to manage them properly and grant permissions or prohibit access to something.
Would it be a good idea to create one VLAN with an address pool, e.g. 192.168.80.0/22, which gives me 4 subnets (192.168.80.0/24, 192.168.81.0/24, 192.168.82.0/24, 192.168.83.0/24), and then allocate in DHCP according to:
192.168.80.0/24 - students
192.168.81.0/24 - teachers
192.168.82.0/24 - employees
192.168.83.0/24 - guests
And then I could apply the appropriate per-subnet restrictions.
Unless I'm thinking wrongly and there is another, safer solution to this problem, something like VLAN in VLAN...
↧
October 29, 2020, 11:17 pm
Hello, I'm a newbie and I'm just starting my adventure with SRXs ;)
My hardware: SRX240H (JUNOS Software Release [12.1X44-D40.2])
I would like to set up several sub-VLANs or subnets on one physical interface, e.g. ge-0/0/6.
Here is a description of my idea. Something like multiple VLANs. But I read that it can be done with irb.
I made two irbs, but I don't know how to connect them to one VLAN or physical interface. Can you give me a hint? Maybe I made a mistake.
irb {
    unit 1 {
        family inet {
            address 192.168.200.1/24;
        }
    }
    unit 2 {
        family inet {
            address 192.168.201.1/24;
        }
    }
}
↧
October 30, 2020, 12:53 am
Hi Juniper Team,
Where can I ask for a feature upgrade regarding our Juniper Configurator and Quote Tool?
The tool is straightforward for us to navigate. However, the tool is quite time consuming, as it reloads right after you select each option or try to input a character in each field. Is it possible to change this approach? For example, the page would load at the end of the transaction, or right after I have completed filling in all required fields.
Regards,
Your Pre-Sales SE
↧
↧
October 30, 2020, 12:15 pm
Hello,
I can see that the SRX-SYS-JE includes Application Security, so my question is what will be the benefit of this, as the premium flex license includes this and the advanced one as well!
↧
October 31, 2020, 9:49 am
Hi, can I do bandwidth monitoring on the SRX (like MRTG on Linux), something like this?
I know the SRX has its own web server as well. Or maybe it can make SNMP data available to the monitoring server ... do you have any hints? Can it be done, and how?
On Linux with MRTG it was done like this:
#---------------------------------------------------------------
# eth0
#---------------------------------------------------------------
PageTop[eth0]: <center><h2>monitoring bandwidth</h2>
Target[eth0]: `/usr/bin/mrtg-ip-acct`
MaxBytes[eth0]: 125000000
kilo[eth0]: 1024
Options[eth0]: nobanner, noborder, growright, nopercent, bits, noinfo, integer
YLegend[eth0]: bits per second
ShortLegend[eth0]: b/s
WithPeak[eth0]: ymwd
Background[eth0]: #f0f0f0
Colours[eth0]: AQUA#00ccff,BLUE#1000ff,DARK GREEN#006600,VIOLET#ff00ff
#Colours[eth0]: GREEN#30c030,BLUE#1000ff,DARK GREEN#006600,VIOLET#ff00ff
XSize[eth0]: 500
YSize[eth0]: 200
XScale[eth0]: 1.5
YScale[eth0]: 1.2
PNGTitle[eth0]: title - monitoring bandwidth
TimeStrPos[eth0]: RU
TimeStrFmt[eth0]: %H.%M
YTics[eth0]: 5
↧
November 2, 2020, 2:45 am
Hi to all,
I have a customer who has an SRX345 box.
Sometimes the device gets frozen and becomes inaccessible via ICMP, web, etc. The device doesn't answer any traffic via any interface and the customer is left without communication. The only way to recover the device is to reboot it. This behaviour is random and apparently they don't do anything strange.
I'm looking for some log or file which tells me what happened when the device became inaccessible, but I can't find any. Any idea where I could look to get an explanation of this??? A few weeks ago, the ISP told my customer that they were being attacked; could a DDoS attack be the root cause of the lockup?? If yes, what can I do to mitigate it??
Thanks in advance!!
David.
↧
November 2, 2020, 2:26 pm
Hello,
Regarding information from the Juniper documentation on SecIntel feeds
https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/concept/sky-atp-integrated-feeds.html
Does anyone know of feeds for Microsoft servers or CDNs that are associated with Microsoft products and their associated updates? Alternatively, are there any good repositories that may have feed URLs that can be referenced to try to find a corresponding feed for something that you might need? I can't seem to find any documentation on what kind of "feeds" these are and I haven't been able to turn up anything with searches on third party SecIntel feeds.
↧
↧
November 3, 2020, 4:23 am
I want to know, if we create multiple user logical systems in SRX4100, whether it is mandatory to define a security profile for each user logical system as well as for the master logical system.
What will happen if I don't create a security profile? Will the resources of the device be shared among all logical systems from the master logical system profile?
Thanks
↧
November 3, 2020, 6:35 am
Hello
Long story short, the SRX 5400 crashed and went into a boot loop. I took a working snapshot to USB from another 5400 and booted the faulty SRX from USB, and it seems OK. But the question is, how can I get the content from USB back to the compact flash? With the 5400 the only snapshot media option is USB.
Egert
↧
November 4, 2020, 12:20 am
Hi
Is this message the same as the issue described in this article?
https://kb.juniper.net/InfoCenter/index?page=content&id=KB23977&cat=SRX_5800_1&actp=LIST
admin@MY-FW> show security flow session destination-prefix 172.17.42.105
Flow Sessions on FPC3 PIC0:
Total sessions: 0
Flow Sessions on FPC7 PIC0:
error: usp_ipc_client_recv: failed to read message from ipc pipe
admin@MY-FW> show security flow session destination-prefix 172.17.42.105
Flow Sessions on FPC3 PIC0:
Total sessions: 0
Flow Sessions on FPC7 PIC0:
error: usp_ipc_client_recv: failed to read message from ipc pipe
admin@MY-FW> show security flow session destination-prefix 172.17.42.105
Flow Sessions on FPC3 PIC0:
Total sessions: 0
Flow Sessions on FPC7 PIC0:
Total sessions: 0
Flow Sessions on FPC8 PIC0:
Total sessions: 0
Flow Sessions on FPC12 PIC0:
Total sessions: 0
admin@MY-FW> show security flow session destination-prefix 172.17.42.105
Flow Sessions on FPC3 PIC0:
Total sessions: 0
Flow Sessions on FPC7 PIC0:
Total sessions: 0
Flow Sessions on FPC8 PIC0:
Total sessions: 0
Flow Sessions on FPC12 PIC0:
Total sessions: 0
srx3600 // 12.1X44-D10.4
↧
November 4, 2020, 8:32 am
We have a Juniper router onsite and when pinging a CCTV camera at the site we are seeing the below:
execute ping 10.112.34.20
PING 10.112.34.20 (10.112.34.20): 56 data bytes
64 bytes from 10.112.34.20: icmp_seq=0 ttl=61 time=1.6 ms
64 bytes from 10.112.34.20: icmp_seq=0 ttl=61 time=1.6 ms (DUP!)
64 bytes from 10.112.34.20: icmp_seq=1 ttl=61 time=1.6 ms
64 bytes from 10.112.34.20: icmp_seq=1 ttl=61 time=1.7 ms (DUP!)
64 bytes from 10.112.34.20: icmp_seq=2 ttl=61 time=1.6 ms
64 bytes from 10.112.34.20: icmp_seq=2 ttl=61 time=1.6 ms (DUP!)
Quite confused with this ping response, as we don't have any duplicate IPs etc., so unsure why the Juniper is showing this?
↧
↧
November 4, 2020, 11:57 pm
Good afternoon!
I have a Juniper SRX220H, and recently a problem like this started:
Inside the local network, passive FTP sessions suddenly ceased to work, although all protocols are allowed from trust to untrust. The "show chassis routing-engine" command was showing excessive "User" utilization among the CPU utilization. After restarting the device, the problem went away, but now the router does not distribute DHCP addresses to devices on the local network. In this case, the DHCP service is running and was correctly restarted, and also shows a working address pool.
What could be the problem?
technical data:
Software Version: JUNOS Software Release [12.1X44-D35.5]
Bios Version: 1.9
↧