SRX Next-Gen Firewalls


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, there are likely others who are experiencing or have worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance? Check out these Juniper Resources.

Juniper Threat Labs, SRX Upgrade Guide, Security Advisories, Technical Bulletins

Latest Discussion Posts

  • I did try this but when I ping the domain or public IP behind the firewall it does not work from-zone trust to-zone trust { policy our-hairpin-policy { match { source-address any; ...

  • Hi Jay, Reiterating on what Steve was saying. You need to have a security policy to allow traffic from your servers, back to your servers. Security Policy is evaluated after NAT operations so you must use the ultimate source and destination addresses. ...

  • Hi James, It sounds like you have done the right thing... You have added the policy to allow traffic from-zone to the same zone. Would you mind sharing just the interface configuration and the security policy you have configured? (You can change ...

  • Hey Mate, The SRX650 is a bit of a difficult one. I'm not sure that the USB works as the documentation only refers to a compact flash card and USB operations do not work. Have you tried the "request system snapshot media usb" command? The 'external' ...

  • Hello Koos147, Yes, you can NAT traffic going into and coming from ipsec tunnel. If the tunnel between 3rd party and main office is working, is it also using st0.249? It will be strange if it works for other traffic but says tunnel not found for ...

  • Hello TheDisciple, the zone names contain company names, so number 1 is lost in translation :) my bad. For point 2, the route from main office to 3rd party is working fine for devices on main office. Are you sure that it is possible to use nat ...

  • Hello Koos147, It looks like there are 2 fold issues: The Source NAT did not occur because from-zone in Source NAT is written as "external-location" whereas flow trace shows that incoming st0 interface lies in warehouse-vpn. Therefore, it does ...
