SRX Next-Gen Firewalls


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, it is likely that others are experiencing or have worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

  • Juniper Threat Labs
  • SRX Upgrade Guide
  • Security Advisories
  • Technical Bulletins

Latest Discussion Posts

  • Hi Nikolay, Just noticed that the ipsec tunnel was outbound. Temporarily enabled ssh on the interface and was able to log in remotely: show security flow session source-prefix [remoteip]/32 destination-port 22 Session ID: 980, Policy name: self-traffic-policy/1, ...

  • @Koos147 Check the fiber routing table to make sure it has the correct route to your server. Out of curiosity, what JunOS version are you running? Does show monitor security flow give you any output? @spuluka Reverse route should be looked up ...

  • When I do: show security flow session destination-port 443 source-prefix [client-pub-ip]/32 I can see results for the pp0.0 IP. When waiting some time, the list is empty again. When trying to use the fiber IP, there is no result. My nat ...

  • Can you check the connection status during a test? This will show the security policy and nat hit and packet counts: show security flow session destination-port 443 I'm wondering if the return path is not working because of the virtual router. ...

  • Hi Jeffrey, You are correct, typically you will be able to place the Secure Tunnel interfaces into your specified zones and then configure Security Policies to govern traffic between them. Of course, ensure that both zones are in the same routing instance ...

  • Good day SPuluka, Thanks (again 😏) for your reply. Yes, it is an exact copy of the "untrust" policy. And a very simple one. Just to be sure, I checked it, output is below. show security policies from-zone untrust-fiber From zone: ...

  • Is there also an inbound security policy for the new untrust-fiber zone to permit the traffic matching the original untrust zone policy? ------------------------------ Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, ...
