SRX Next-Gen Firewalls

 View Only
last person joined: 4 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • I will also take a closer look at this Nikolay. I'll keep you posted. ------------------------------ Best regards Vidar Stokke ------------------------------

  • I'd like to be able to ssh to the public IP of my SRX from my Head Quarters office. I have an object already for the HQ IP range. The public IP on the SRX is on the untrust network. I created a rule permitting SSH from HQ (via untrust) to untrust but ...

  • Oh, right... You'll have to upgrade the routing instance to virtual-router in order to put the GRE tunnel in it. That, of course, will comes with more work: I'm not sure if the PBR filter will let you pick a virtual-router instance. If you need to ...

  • Hi Nikolay, It is not possible to apply a interface to a forwarding instance as far as I know. Documentation says: Forwarding-Use this routing instance type for filter-based forwarding applications. For this instance type, there is no one-to-one mapping ...

  • Hi Nicolay, Forwariding instances don't hav interfaces attached: Forwarding-Use this routing instance type for filter-based forwarding applications. For this instance type, there is no one-to-one mapping between an interface and a routing instance. ...

  • Share config perhaps, to give clues. ------------------------------ Nikolay Semov ------------------------------

  • I don't have a box running 22 to test with, but I saw this in a recently-updated KB, except in their example they're using it to match the source-address rather than the destination-address. https://supportportal.juniper.net/s/article/SRX-DNS-name-is-not-a-supported-address-or-address-set-type-in-NAT-rules?language=en_US ...

Unanswered Posts

Top Contributors in the Community