SRX Next-Gen Firewalls

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • When i do: show security flow session destination-port 443 source-prefix [client-pub-ip]/32 I can see results for the pp0.0 ip, When waiting some time. the list is empty again, When trying to use the fiber ip, there is no result. My nat ...

  • Can you check the connection status during a test. This will show the security policy and nat hit and packet counts show security flow session destination-port 443 I'm wondering if the return path is not working because of the virtual router. ...

  • Hi Jeffrey, You are correct, typically you will be able to place the Secure Tunnel interfaces into your specified zones and then configure Security Policies to govern traffic between them. Of course, ensure that both zones are in the same routing instance ...

  • Good day SPuluka, Thanks (again 😏) for your reply. Yes, it is an exact copy of the "untrust" policy. And a very simple one. Just to be sure, i checked it, output is bellow. show security policies from-zone untrust-fiber From zone: ...

  • Is there also a inbound security policy for the new untrust-fiber zone to permit the traffic matching the original untrust zone policy? ------------------------------ Steve Puluka BSEET - Juniper Ambassador IP Architect - DQE Communications Pittsburgh, ...

  • Hi Andrea, You don't mention what version of Junos you are running but in this configuration Junos version 22.2R3-S2 is jtac recommended. Cheers -Tom

  • Good day, I have a SRX240 with 2 isp's the primary use a PPoE pp0.0 and work as expected The secondary use ethernet with vlan tagging. I switched some of the ipsec tunnels to this new connection, and works fine. i also want to use destination ...

Unanswered Posts

Top Contributors in the Community