SRX

 View Only

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  SRX 210 no ping response

    Posted 01-11-2010 14:10

    Hi,

     

    Can anyone help me out on this one?

    I need a ping response on the trust interface of my SRX210.

    I wanted to enable a service on the interface, but only http and ssh are available.

     

    I need this so my monitoring software can tell if the device is available.

     

    Cheers,

     

    Leon


    #no
    #SRX
    #response
    #210
    #ping


  • 2.  RE: SRX 210 no ping response

    Posted 01-11-2010 15:25

    You can enable ping and other services on the interface using the host-inbound-

    traffic systemservices. The example is below.

     

    Hope this helps.

     

     

    [edit]
    root@A08_07# edit security zones security-zone trust                   

    [edit security zones security-zone trust]
    root@A08_07# set host-inbound-traffic system-services ?
    Possible completions:
      all                  All system services
      any-service          Enable services on entire port range
      dns                  DNS and DNS-proxy service
      finger               Finger service
      ftp                  FTP
      http                 Web management service using HTTP
      https                Web management service using HTTP secured by SSL
      ident-reset          Send back TCP RST to IDENT request for port 113
      ike                  Internet Key Exchange
      lsping               Label Switched Path ping service
      netconf              NETCONF service
      ntp                  Network Time Protocol service
      ping                 Internet Control Message Protocol echo requests
      reverse-ssh          Reverse SSH service
      reverse-telnet       Reverse telnet service
      rlogin               Rlogin service
      rpm                  Real-time performance monitoring
      rsh                  Rsh service
      sip                  Enable Session Initiation Protocol service
      snmp                 Simple Network Management Protocol service
      snmp-trap            Simple Network Management Protocol traps
      ssh                  SSH service
      telnet               Telnet service
      tftp                 TFTP
      traceroute           Traceroute service
      xnm-clear-text       JUNOScript API for unencrypted traffic over TCP
      xnm-ssl              JUNOScript API service over SSL



  • 3.  RE: SRX 210 no ping response

    Posted 01-12-2010 05:07

    Hi MR, thanks for the response, but it didn't help.

    I added 'ping' so now ssh, http and ping are enabled.

    Still no reply when pinging the srx.

     

    Any other suggestions?

     

    Thanks,

    Leon



  • 4.  RE: SRX 210 no ping response

    Posted 01-12-2010 05:42

    Try to enable it explicitly on the interface;

     

    set security zone security-zone trust interface <interfacename e.g. ge-0/0/0.0> host-inbound-traffic system services ping

     

    G's Dennis


    #IT
    #ble
    #excpl


  • 5.  RE: SRX 210 no ping response
    Best Answer

    Posted 01-12-2010 06:39

    Hey Dennis,

     

    set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping - is the correct syntax.

    This one actually worked for me!

     

    many thanks.

     

    Gr Leon



  • 6.  RE: SRX 210 no ping response

    Posted 09-04-2012 22:12

    Just wanna add my 2cts, i think if the interface does not have any host-inbound-traffic declaration,

    it will honour the declaration at the zone level. 

     

    For example, if the below config, does not have ping at the vlan.4 host-inbound-traffic hierachy,

    it would not allow icmp echo requests, despite that being allowed at

    the zone host-inbound-traffice hierachy, because there an existing declaration for dhcp.

     

    [edit security zones security-zone guest]
    root@srx240-29LK# show
    host-inbound-traffic {
    system-services {
    ping;
    }
    }
    interfaces {
    vlan.4 {
    host-inbound-traffic {
    system-services {
    ping;
    dhcp;
    }
    }
    }
    }