SRX Next-Gen Firewalls

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, others have likely experienced or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance? Check out these Juniper Resources:

Juniper Threat Labs, SRX Upgrade Guide, Security Advisories, Technical Bulletins

Latest Discussion Posts

  • RE: SRX320 routing

    Hi Ivan, What is happening for you here is asymmetric routing... Your host 1.186 does not know where the 192.168.20 network resides so it sends traffic to its default route (FWA). FWA hairpins the traffic back to FWB, which passes traffic to 20.2 ...

  • Steve, Using "source-nat off" for those hosts did not work. However I used an approach identified by the article you provided that is working. It's a bit of a kludge, but I'm creating a single IP nat source pool and assigning it to each host with an ...

    1 person recommends this.
  • SRX320 routing

    Hello, at first my topology: I have 2 SRX320 FWs, let's call them FWA and FWB. In FWA I have configured 1 network 192.168.1.0/24 and multiple hosts connected to that network (vlan1 (irb.1) ge0/1 - ge0/5), FWA also connected to Internet. FWB is connected ...

  • Hi Ben, Juniper has moved away from the Pulse Secure Client to a Juniper Secure Connect Client. This Client is available from the Juniper Downloads Portal (granted you have a support contract). Some stanzas in the Juniper Documentation cause the ...

  • I'm going to go back to edit my initial subject to correct my shorthand/abbreviation. I've been talking to JTAC and the official word is Juniper no longer supports PulseSecure. They support "PulseSecureConnect". That has got to be one of the biggest ...

  • Using source-nat off for these explicit hosts isn't something I thought about. That's a good idea. That's a really good article too! Thank you. I'll need to spend some time reading and digesting it. This is exactly the kind of example I was looking ...

  • From your description the reverse static nat is not being correctly seen before the source nat general rule. This would be a bug if happening. A possible workaround would be to add a statement to the source nat rule before the nat all to interface ...
