SRX Next-Gen Firewalls

Hi Ivan, What is happening for you here is asymmetric routing... Your host 1.186 does not know where the 192.168.20 network resides so it sends traffic to its default route (FWA) FWA hairpins the traffic back to FWB, which passes traffic to 20.2 ...

Steve, Using "source-nat off" for those hosts did not work. However I used an approach identified by the article you provided that is working. It's a bit of a kludge, but I'm creating a single IP nat source pool and assigning it to each host with an ...

Hello, at first my topology: I have 2 SRX320 FWs, let's call them FWA and FWB. In FWA I have configured 1 network 192.168.1.0/24 and multiple hosts connected to that network (vlan1 (irb.1) ge0/1 - ge0/5), FWA also connected to Internet. FWB is connected ...

Hi Ben, Juniper has moved away from the Pulse Secure Client to a Juniper Secure Connect Client. This Client is available from the Juniper Downloads Portal (granted you have a support contract). Some stanzas in the Juniper Documentation cause the ...

I'm going to go back to edit my initial subject to correct my shorthand/abbreviation. I've been talking to JTAC and the official word is Juniper no longer supports PulseSecure. They support "PulseSecureConnect". That has got to be one of the biggest ...

Using source-nat off for these explicit hosts isn't something I thought about. That's a good idea. That's a really good article too! Thank you. I'll need to spend some time reading and digesting it. This is exactly the kind of examples I was looking ...

From you description the reverse static nat is not being correctly seen before the source nat general rule. This would be a bug if happening. A possible work around would be to add a statement to the source nat rule before the nat all to interface ...