SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Default interface to start Skyatp session from

    Posted 05-28-2019 05:21

    Hello 

     

    I have a problem regarding connecting to Skyatp cloud.

    The problem is I can only ping the internet from a specific interface.

    If I don't specify the source interface, I can't ping or do a DNS lookup.

    Is there a way to force the connection to go out from the untrust interface?


    #SkyATP
    #SRX


  • 2.  RE: Default interface to start Skyatp session from

     
    Posted 05-28-2019 05:48
    set services advanced-anti-malware connection (authentication | source-address | source-interface | url)


    https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/reference/command-summary/set-services-aamw-connection.html


  • 3.  RE: Default interface to start Skyatp session from
    Best Answer

    Posted 05-28-2019 21:53

    Hi amrmhishjuniper,

     

    When connecting to the Internet, the SRX will by default use the IP address of the interface facing the Internet (usually the interface in the untrust zone). To which interface is the address being used now linked? Can you share a "> show route 8.8.8.8" to better understand your implementation?

     

    The following document explains more about the source address to be used for outbound traffic generated by the SRX:

     

    https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/default-address-selection-edit-system.html

     

    And in the following discussion it was suggested to specify a source-address for the packets sent to the DNS server:

     

    https://forums.juniper.net/t5/Routing/DNS-Request-Source-Address/td-p/316655

     

    You could try a "monitor traffic" as suggested in the above link to confirm the source-IP being used right now.

     



  • 4.  RE: Default interface to start Skyatp session from

    Posted 05-28-2019 23:46

    Hey

     

    The output from

    admin@node0> show route 8.8.8.8

    inet.0: 204 destinations, 205 routes (204 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    0.0.0.0/0 *[Static/5] 09:23:10
    > to X:X:X:X via reth0.1000
    [Static/5] 09:23:09
    > to X:X:X:X via reth0.1000

     

    I did change the public IP addresses to X:X:X:X for security reasons.

    I can ping the internet using the interface reth0.1000, but if I use ping alone I still can't do it.

    I did read your response, but for some reason the ping is going out from a different interface.



  • 5.  RE: Default interface to start Skyatp session from

    Posted 05-29-2019 01:13

    Right after you send some pings to 8.8.8.8, try the following command to see the created sessions:

     

    > show security flow session destination-prefix 8.8.8.8 protocol icmp

     

    On the output we will see the source IP address that is being used. Once you know it please try the following command:

     

    > show interfaces terse | match [source_address_being_used]

     

    I'm trying to confirm what the IP address and interface being used for sourcing the host-outbound-traffic are.
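
The two-step check from the last reply (find the session's source IP, then find the interface that owns it) can be scripted over saved command output. This is an added example, not part of the original thread: the sample outputs are constructed with documentation addresses and modelled on the usual layout of these commands, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of "show security flow session destination-prefix 8.8.8.8 protocol icmp"
FLOW_SESSIONS = """\
Session ID: 4021, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 10.255.0.1/7 --> 8.8.8.8/31022;icmp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 84,
  Out: 8.8.8.8/31022 --> 10.255.0.1/7;icmp, Conn Tag: 0x0, If: reth0.1000, Pkts: 0, Bytes: 0,
Total sessions: 1
"""

# Constructed sample of "show interfaces terse"
INTERFACES_TERSE = """\
Interface               Admin Link Proto    Local                 Remote
lo0.0                   up    up   inet     10.255.0.1          --> 0/0
reth0.1000              up    up   inet     203.0.113.2/30
reth1.0                 up    up   inet     192.168.10.1/24
"""

def session_sources(flow_text):
    """Source IP of the 'In:' wing of every session (the address the SRX picked)."""
    pattern = re.compile(r"^\s*In:\s+(\S+?)/\d+\s+-->", re.MULTILINE)
    return [ipaddress.ip_address(addr) for addr in pattern.findall(flow_text)]

def local_addresses(terse_text):
    """Map each locally configured IP to the logical interface that owns it."""
    owners, ifname = {}, None
    for line in terse_text.splitlines():
        if line and not line[0].isspace():
            ifname = line.split()[0]          # continuation lines keep the previous name
        match = re.search(r"\binet6?\s+(\S+)", line)
        if match and ifname:
            owners[ipaddress.ip_interface(match.group(1)).ip] = ifname
    return owners

def egress_report(flow_text, terse_text):
    """Pair every session source IP with its owning interface, or 'unknown'."""
    owners = local_addresses(terse_text)
    return [(str(ip), owners.get(ip, "unknown")) for ip in session_sources(flow_text)]

if __name__ == "__main__":
    for source_ip, interface in egress_report(FLOW_SESSIONS, INTERFACES_TERSE):
        print(f"host-outbound traffic sourced from {source_ip} ({interface})")
```

In the constructed sample the packet leaves via reth0.1000 but carries the lo0.0 address, which is the kind of mismatch the two commands are meant to expose.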