Switching




  • 1.  firewall rule

    Posted 07-04-2022 15:25
    Hello guys,
    I have a couple of firewalls where the connection with SolarWinds suddenly stops with the following error:

    ERROR: Running config: Connection Refused by 172.x.x.x (IP of the devices)

    Could this be a problem with the ACL or the firewall rules?
    During my investigation, when I issued the command #sh conf | display set | match IP (SolarWinds), there was no result from the devices.
    Could the command #set firewall family inet filter ACL-Admin term SSH from source-address 10.X.X.X (IP of the SolarWinds) resolve the issue?

    Thanks in advance

    ------------------------------
    DIEUDONNE LEUMALEU FEUDE
    ------------------------------


  • 2.  RE: firewall rule

     
    Posted 07-04-2022 18:52
    The configuration needed to allow the connection would depend on a number of factors, so we would need some more information.

    What is the device being polled by SolarWinds? SRX/MX/EX, etc.

    Is the firewall you need to check an SRX?

    Is this the endpoint itself or just a transit firewall protecting the endpoint asset?

    For SRX devices as the endpoint, you would need to permit the connection in the security zone for the polled interface for the allowed protocols.
    security zones security-zone ZONE_NAME host-inbound-traffic

    For other Junos devices, these will be open by default, but there might be a protect-RE firewall filter that would need a term allowing the polling.

    For a transit SRX protecting an asset, you would look for an active flow being permitted, not the IP address in the configuration.
    show security flow session source-prefix 172.x.x.x/32

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------
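
An added example, not part of either post: a literal `| match <IP>` on the set-format configuration finds nothing when the poller is permitted through a covering prefix, so this sketch checks which filter terms' source-address prefixes actually contain a given address. The sample configuration, the addresses and the function name `terms_covering` are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `show configuration | display set` output (not from the thread).
SAMPLE_CONFIG = """\
set firewall family inet filter ACL-Admin term SSH from source-address 10.20.0.0/16
set firewall family inet filter ACL-Admin term SSH from protocol tcp
set firewall family inet filter ACL-Admin term SSH from destination-port ssh
set firewall family inet filter ACL-Admin term SSH then accept
set firewall family inet filter ACL-Admin term SNMP from source-address 192.0.2.10/32
set firewall family inet filter ACL-Admin term SNMP then accept
set firewall family inet filter ACL-Admin term DENY then discard
"""

# Only IPv4 filter terms with an inline source-address are parsed here.
SRC_RE = re.compile(r"^set firewall family inet filter (\S+) term (\S+) from source-address (\S+)")
ACT_RE = re.compile(r"^set firewall family inet filter (\S+) term (\S+) then (accept|discard|reject)")

def terms_covering(config_text, poller_ip):
    """Return sorted (filter, term, prefix, action) tuples whose source-address contains poller_ip."""
    ip = ipaddress.ip_address(poller_ip)
    prefixes, actions = [], {}
    for line in config_text.splitlines():
        line = line.strip()
        m = SRC_RE.match(line)
        if m and not line.endswith(" except"):  # "except" prefixes are exclusions, not matches
            try:
                net = ipaddress.ip_network(m.group(3), strict=False)
            except ValueError:
                continue  # redacted or malformed address such as 10.X.X.X
            prefixes.append((m.group(1), m.group(2), net))
        m = ACT_RE.match(line)
        if m:
            actions[(m.group(1), m.group(2))] = m.group(3)
    return sorted((f, t, str(n), actions.get((f, t), "none configured"))
                  for f, t, n in prefixes if ip in n)

if __name__ == "__main__":
    # The literal address never appears in the text, yet the SSH term covers it.
    print("10.20.30.40" in SAMPLE_CONFIG, terms_covering(SAMPLE_CONFIG, "10.20.30.40"))
```

Addresses referenced through a prefix-list or inherited from a configuration group are not resolved by this sketch, so an empty result still needs the flow or filter checks described in the reply above.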