SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



  • 1.  SRX345 unable to connect to static IP from ISP

    Posted 09-09-2021 09:55
    I am trying to achieve the below network diagram. I am new completely new to Juniper and setting this device from scratch. I am able to configure DNS, NTP, device name etc . but now I want to give this device SRX internet access using static IP and gateway provided by ISP. I am not able to access the internet currently. Below is the information I am able to gather from the Juniper platform so if you could please guide me that these below are the steps required. Feel free to correct me.  Please write down the full commands as I am completely new to this. Thanks for your help again.


    For static IP address on interface ge-0/0/06:
    set interfaces ge-0/0/6 unit 0 family inet address 6.81.126.198/28​

    Adding ISP default gateway:
    gateway address in 6.81.126.193 (Not sure about the command. Kindly correct it)

    Set static route:

    set routing-options static route 0.0.0.0/0 next-hop 6.81.126.193​ (next hop is going to be default gateway?)

    Setting the DHCP on ge-0/0/6:
    set interfaces ge-0/0/6 unit 0 family inet dhcp
    set security zones security-zone untrust interfaces ge-0/0/6.0 host-inbound-traffic system-services dhcp
    set security zones security-zone untrust interfaces ge-0/0/6.0 host-inbound-traffic system-services all

    Setting the pool for users(Pool name is users):
    edit access address-assignment pool users branch family inet
    set range users low 172.29.1.1 high 172.29.1.100
    set dhcp attributes maximum-lease time 3600
    set dhcp-attributes name-server 8.8.8.8
    set dhcp-attributes router 6.81.126.198

    Allowing the DHCP traffic to flow on ge-0/0/5:
    set security zones security-zone trust interfaces ge-0/0/5.0 host-inbound-traffic system-services dhcp
    set security zones security-zone trust interfaces ge-0/0/5.0 host-inbound-traffic system-services all


    ------------------------------
    Abdul Qurashi
    ------------------------------


  • 2.  RE: SRX345 unable to connect to static IP from ISP

    Posted 09-09-2021 14:18
    I to was given a static ip address but in short dhcp had to be part of the equation. To correct this I applied dhcp to the isp port in question. The static ip allocation came from the isp, meaning the srx wasn't configured much differently than its expected default for internet connections. A big company isp compared to a small isp company comes to mind.

    But this just my take.

    You probably need to tell us more.

    ------------------------------
    Adrian Aguinaga
    B.S.C.M. I.T.T. Tech
    (Construction Management)
    A.A.S. I.T.T. Tech
    (Drafting & Design)
    ------------------------------



  • 3.  RE: SRX345 unable to connect to static IP from ISP

    Posted 09-10-2021 05:36
    The issue is I don't have access to ISP equipment and I can't configure anything on the ISP side. We only have one port with specific IP as mentioned above. I need to configure the SRX345 firewall accordingly. Let me know what else you want to know. Thanks

    ------------------------------
    Abdul Qurashi
    ------------------------------



  • 4.  RE: SRX345 unable to connect to static IP from ISP

    Posted 09-12-2021 22:50
    Hi Abdul. If you still need help, I might be able to help some. I'm also new, and my only experience is with an SRX300, but the Junos should be similar.

    I would think your WAN interface (ge-0/0/6) should look this:

    >show configuration interfaces ge-0/0/6
     ge-0/0/6 {
          unit 0 {
              family inet {
                   address 6.81.126.198/28;
                }
          }
    }


    If not, please forward your ge-0/0/6 setup. I suspect that there are some existing entries in your ge-0/0/6 that need to be removed, like possibly dhcp or vlan.
    Or post your entire configuration using
    >show configuration

    I hope this helps some. I see several areas that need work, but I'd like to see your configuration first.

    ------------------------------
    Jay FALVEY
    ------------------------------