SRX Next-Gen Firewalls

 View Only
last person joined: 9 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat Labs SRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • Thanks y'all. Your comments came in handy for me tonight. My vSRX nodes in EVE-NG are KVM type (junos-vsrx3-x86-64-23.2R2.21.qcow2) and are defaulting to 2048 RAM and qemu nic - tpl(e1000) When they boot up I see 11 system interfaces ...

  • Profile Picture

    RE: SRX550, 10g how?

    I've used 10g DAC on SRX successfully, but not on the 550 specifically. ------------------------------ Nikolay Semov ------------------------------

  • " On ethernet connections, the next-hop address is the address of the device where traffic should go next, so in your case that's the ISP's address" I will dig into this, but I am not quite sure that is required because we have a local static route ...

  • In the sample configuration in the article, the IP of their interfaces are 10.1.1. 1 and 10.2.2. 1 . The next-hops are 10.1.1. 2 and 10.2.2. 2 . On ethernet connections, the next-hop address is the address of the device where traffic should ...

  • Nikolay, We based our filter on this one, which also has two ISPs, but in our case, we are not trying to create an HA configuration, just force traffic out one interface. They reference the IP of the interface. https://supportportal.juniper.net/s/article/How-to-configure-Filter-Based-Forwarding-on-SRX-for-a-typical-dual-ISP-scenario?language=en_US ...

  • No, what I meant is if reth2 has IP 20.20.20.1/28, for example, and the ISP gateway is at 20.20.20.14, then ip_of_reth2 would be 20.20.20.1. But route 0.0.0.0/0 should have next-hop of 20.20.20.14, not ip_of_reth2. Thanks for letting me know about the ...

  • Nikolay, " In the New-route-table instance, the 0.0.0.0/0 route should specify the address of the other device (gateway) connected to reth2, not the ip_of_reth2 itself." This is our firewall which is beyond any gateway device. The next-hop is the ...

Announcements

  • Introducing Juniper Support Portal (JSP) Mobile App for iOS

    The Juniper Support Portal (JSP) Mobile App is now available for customer use on iOS platforms. The app is designed to provide mobile access for on-the-go service support. 

    What’s available?

    • Live Chat Support
    • Instant Notifications
    • Knowledge Base Access 

Unanswered Posts

Top Contributors in the Community