SRX Next-Gen Firewalls

Hello Koos147, Yes, you can NAT traffic going into and coming from ipsec tunnel. If the tunnel between 3rd party and main office is working , is it also using st0.249 ? It will be strange if it works for other traffic but says tunnel not found for ...

Hello TheDisciple, the zones names contains company names. so number 1 is lost in translation :) my bad. For point 2, the route from main office to 3th party is working fine for devices on main office. are you sure that it is possible to use nat ...

Hello Koos147, It looks like there are 2 fold issues : The Source NAT did not occur because from-zone in Source NAT is written as "external-location" whereas flow trace shows that incoming st0 interface lies in warehouse-vpn . Therefore, it does ...

Thanks for pointing to the right direction. for what i understand the traffic never get translated. and therefore never matching the traffic selectors of the 3th party vpn. Sep 22 13:55:49 fwsrx320 clear-log[71004]: logfile cleared Sep 22 13:56:06 ...

The web article here: https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US Says ...

Hello Koos147, There could be a few reasons for the Pings to fail : It may be that the traffic is not making into the tunnel between head-office-lan and 3rd-party vpn. There could be certain security policy mismatch etc. I would start ...

Hi Victor, I changed it to " virtual-router" because this article. but you are right. It doesn't help. It's fine to use "forwarding" Juniper SRX FBF NAT issues | SRX I'm new in the community. My post was delayed because it needed to be checked ...