Hello,
I have an SRX 220H2-POE
JUNOS Software Release [12.1X46-D65.4]
My issue is in troubleshooting ICMP packets inbound from external pings on a NEW Interface.
I have two interfaces (now) in my untrusted zone; both have their own distinct /30 PUBLIC subnets. The first one, on ge-0/0/0, carries the default route (working fine), and the new 2nd one, on ge-0/0/1, does not reply to ICMP pings to the interface from external remote testing. From the Juniper extended ping from this new interface, pinging out works just fine. To bring UP this new interface I am using a Cisco switch as a demarc (only connected to the port).
I have ping enabled.
interfaces {
    ge-0/0/0.0;
    ge-0/0/1.0 {
        host-inbound-traffic {
            system-services {
                ping;
            }
        }
    }
}
Why can I not see the ICMP replies from my remote workstation testing inbound?
My session Monitors show the following:
Remote Ping to New Interface:
Session ID: 96279, Policy name: self-traffic-policy/1, Timeout: 1800, Valid
In: 108.31.33.120/36518 --> 128.177.117.134/22;tcp, If: ge-0/0/0.0, Pkts: 2852, Bytes: 171283
Out: 128.177.117.134/22 --> 108.31.33.120/36518;tcp, If: .local..0, Pkts: 3052, Bytes: 470709
Remote Ping to Router Default Interface (works)
Session ID: 20354, Policy name: self-traffic-policy/1, Timeout: 4, Valid
In: 108.31.33.120/3636 --> 128.177.117.134/1;icmp, If: ge-0/0/0.0, Pkts: 1, Bytes: 60
Out: 128.177.117.134/1 --> 108.31.33.120/3636;icmp, If: .local..0, Pkts: 1, Bytes: 60
------------------------------
Scott Lucas
------------------------------