SRX

IMPORTANT MODERATION NOTICE

This community is currently under full moderation, meaning  all posts will be reviewed before appearing in the community. Please expect a brief delay—there is no need to post multiple times. If your post is rejected, you'll receive an email outlining the reason(s). We've implemented full moderation to control spam. Thank you for your patience and participation.



Expand all | Collapse all

Juniper SRX340 Configuration Issues Migrating from SSG140

  • 1.  Juniper SRX340 Configuration Issues Migrating from SSG140

    Posted 08-24-2021 09:30

    Hi,

     

    I'm configuring an SRX340 device, and have mostly had success in getting it ready for production environment. Below is what I've successfully tested and verified as working to some degree:

    1. Internet access
    2. Static NAT, Source NAT
    3. Site to Site VPN

     

    All my routing is done through a single routing instance. My security policies are setup to permit/allow necessary traffic inbound and outbound. All my address book entries are located in global address book. I have source NAT set to permit all traffic outbound from trust to untrust zones.

     

    The static NAT (configured along with proxy-arp untrust interface) has several entries that is working properly, except for inbound Email. The interesting part about this one is that I'm getting inbound email through the firewall, but not from a specific remote exchange server database. We do have a Barracuda device setup as well on the network, and static NAT/security policies are configured for this. So, traffic is going over a site to site VPN to access this remote exchange server, which is working properly (I'm able to ping bidirectional, to both exchange servers and both barracuda devices). Is there something I'm missing here? I will be happy to attach my config, with IPs not given out.

     

    The other issue I've had is the internet bandwidth. When I've moved cabling from SSG140 (older current firewall) to SRX340 (newer firewall still in development stage), the download/upload speeds change from 70mbps down/70mbps up to 60mbps down/2mbps up, which is a significant decrease. With an upgrade to the firewall device shouldn't the bandwidth be a lot higher than this? Yes, I'm using CAT6 cable, and I'll have to check trace options in my next test go-around. Believe me, I've read Internet article after article, book after book to figure these issues out.

     

    Best Regards,

     

    Derek Hill

    Network Administrator

    Office: 936-588-7130

    Cell: 936-828-6319

     



  • 2.  RE: Juniper SRX340 Configuration Issues Migrating from SSG140

    Posted 08-25-2021 11:02
    Hi Derek,

    That may sounds odd, but in 2 our locations we had low bandwidth issue when SRX external interface was setup with auto-negotiations. Problem solved after we specify Link speed and no-auto-negotiations.

    Best.
    Alex

    ------------------------------
    Alex
    ------------------------------