
Pinging FQDN of SRX box, can't.

  • 1.  Pinging FQDN of SRX box, can't.

    Posted 08-23-2018 08:25
    I cannot ping my SRX box by hostname/FQDN. I am on the internet. So, that means I have set up the zones.

    1. Zone trust to zone trust is up.
    2. interfaces services is set to all.
    (tried to explicitly call ping and DNS, no luck).
    3. Zone services is set to all.
    4. Ping in SRX gui works after setting "static-dns-mapping" .

    Please help.


  • 2.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-23-2018 08:27
    I forgot to mention, I have Comcast residential, not a static IP. Is egress activity stopping this? DNS port not active on the external.


  • 3.  RE: Pinging FQDN of SRX box, can't.

     
    Posted 08-23-2018 14:47

    Are you using a dynamic DNS service of some kind? I assume this service is being updated to reflect your current IP. If so, does an nslookup reflect the very same IP? If it does, all you need, I think, is ping allowed on the untrust side and to ensure that the appropriate interface is assigned to this zone.



  • 4.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-23-2018 21:51
    I do not use any dynamic DNS. The untrust zone also has "all" services running. This includes ping and dns.


  • 5.  RE: Pinging FQDN of SRX box, can't.

     
    Posted 08-24-2018 00:47

    In your second message you mention not using a static IP. If you're not using a static IP and not employing a method of updating your IP address against your DNS, it is unlikely you'll be able to ping your router.



  • 6.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-24-2018 04:00
    Thanks for the thought. I meant to say that the ISP external IPv4 address is not static. My internal IP addresses are static. I'll make sure to try both dynamic and static IPs. I'm pretty sure there must still be a way even when my ISP is a dynamic, and the internals are also dynamic. Not to mention static. I'm sure I tried with static internal only. Any suggestions on how to update the DNS stream? I have chosen to check the boxes in Services->DHCP->DHCP Client->DHCP Service, pertaining to "Update Server". I'll check again. Suggestions needed!!!!


  • 7.  RE: Pinging FQDN of SRX box, can't.

     
    Posted 08-24-2018 04:28

    What interface ip address on the SRX are you trying to ping and from where?

     

    Is your modem in bridge mode so that the SRX wan interface has a public dhcp address or is it simply connected to the private LAN behind the comcast modem router?

     

    When you say DNS issues do you mean you cannot resolve addresses behind the SRX or something else?

     



  • 8.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-24-2018 07:45
    I'm trying to ping my SRX240 hostname. I added a static DNS mapping entry. That helped me to ping in the cli jweb interface. I haven't gotten past that. I have the trust and untrust zones up, with all services permitted.

    So, "ping srxboxhostname" in windows command doesn't operate. I try to ping from any host anywhere on the local network. I have even tried plugging into a port on the SRX itself with a laptop. I have 3 Asus AP wireless on the last three ports. No ping of SRX hostname is working there either.


  • 9.  RE: Pinging FQDN of SRX box, can't.
    Best Answer

     
    Posted 08-25-2018 04:28

    By default the DHCP settings on the SRX use the carrier DNS servers for all clients via the propagate command. Thus your entry is not used by DHCP clients. You will need to remove this setting.

    You will also need to configure the SRX as a proxy DNS server.

    https://www.juniper.net/documentation/en_US/junos/topics/concept/dns-proxy-overview.html

    And then use that server for the DHCP clients.

    https://www.juniper.net/documentation/en_US/junos/topics/example/security-device-dhcp-server-configuring.html
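
    A sketch of the three changes this answer describes, added here as an example and not taken from the poster or from the linked Juniper pages. The interface names, LAN subnet, hostname and forwarder address are assumed placeholders, and the `dns-proxy` statements only exist on Junos releases that support DNS proxy.

    ```junos
    # 1. Stop handing the carrier's DNS servers (learned on the WAN DHCP client
    #    interface, assumed ge-0/0/0.0) to LAN DHCP clients.
    delete system services dhcp propagate-settings ge-0/0/0.0

    # 2. Make the SRX answer DNS queries on the LAN interface (assumed vlan.0),
    #    forwarding everything it does not know to an upstream resolver
    #    (203.0.113.53 is a placeholder address).
    set system services dns dns-proxy interface vlan.0
    set system services dns dns-proxy default-domain * forwarders 203.0.113.53

    #    Static entry so the SRX's own name resolves to its LAN address
    #    (hostname and address are placeholders).
    set system services dns dns-proxy cache srxboxhostname.home.example inet 192.168.1.1

    # 3. Point LAN DHCP clients at the SRX itself for DNS.
    set system services dhcp pool 192.168.1.0/24 name-server 192.168.1.1

    # The LAN zone must accept DNS and ping addressed to the SRX.
    set security zones security-zone trust host-inbound-traffic system-services dns
    set security zones security-zone trust host-inbound-traffic system-services ping
    ```

    After committing, clients need to renew their DHCP lease before `nslookup` on a LAN host shows the SRX address as the DNS server.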

     



  • 10.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-25-2018 13:49
    Seeing as how I can only fulfill one of the two topics you have helped me with (propagate/DNS proxy), I will end my question. I can change the propagate command, but cannot use DNS proxy due to a junos of 11.47xxx. Thank you for this answer. I can assume that removing the propagate command may be still acceptable toward completion of that goal.


  • 11.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-25-2018 14:02
    Any further answering would be greatly appreciated. I have junos 11.47xxx , and DNS proxy isn't an option. I haven't tried removing the propagate command yet. Will do.


  • 12.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-25-2018 23:21

    Hello,


    @eugene1973 wrote:
    Any further answering would be greatly appreciated. I have junos 11.47xxx , and DNS proxy isn't an option.

     

    Use a free public DNS service such as https://www.noip.com where You can manually register Your SRX IP with the hostname of Your choosing (You don't get to choose arbitrary domain though).

    And then every public DNS server will resolve that hostname.domain.tld to return the IP to the machine You are pinging from.

    HTH

    Thx

    Alex



  • 13.  RE: Pinging FQDN of SRX box, can't.

    Posted 08-26-2018 06:51
    Thank you for your awesome answers. I will take all advice into account. It's been a while since I have used DYNDNS. Kudos on this thread too.