SRX Next-Gen Firewalls

Keep in mind that I already have a policy like yours and that does not allow me to ping any nated public IP from the trust policy trust-to-trust { match { source-address any; destination-address ...

I did try this but when I ping the domain or public IP behind the firewall it doe not work from-zone trust to-zone trust { policy our-hairpin-policy { match { source-address any; ...

Hi Jay, Reiterating on what Steve was saying. You need to have a security policy to allow traffic from your servers, back to your servers. Security Policy is evaluated after NAT operations so you must use the ultimate source and destination addresses. ...

Hi James, It sounds like you have done the right thing... You have added the policy to allow traffic from-zone to the same zone. Would you mind sharing just the interface configuration and the security policy you have configured? (You can change ...

Hey Mate, The SRX650 is a bit of a difficult one. I'm not sure that the USB works as the documentation only refers to a compact flash card and USB operations do not work. Have you tried the " request system snapshot media usb" command? The 'external' ...

Hello Koos147, Yes, you can NAT traffic going into and coming from ipsec tunnel. If the tunnel between 3rd party and main office is working , is it also using st0.249 ? It will be strange if it works for other traffic but says tunnel not found for ...

Hello TheDisciple, the zones names contains company names. so number 1 is lost in translation :) my bad. For point 2, the route from main office to 3th party is working fine for devices on main office. are you sure that it is possible to use nat ...