SRX Next-Gen Firewalls

 View Only
last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • Profile Picture

    Archive Configs

    I currently am setting up an SRX-345 and having an issue with archive config. I have a running SRX-210 that does this just fine so I know it has worked. I'm following the instructions from Juniper - https://supportportal.juniper.net/s/article/How-to-use-scp-to-archive-configuration-to-a-remote-device-when-executing-a-commit-operation?language=en_US ...

  • Here is the link. https://learn.microsoft.com/en-us/defender-for-identity/deploy/configure-event-forwarding Here is my topology. Arris (xfinity gateway) -> srx300 -> Asus AP(5300) -> Asus media bridge(rt-ac68u) -> Avaya switch cluster ...

  • I'm kinda just listening in here, but I got kind of a similar situation. In my case it is redundancy that does not process the events properly. That is my belief. I believe it is a layer 2 thing and perhaps loopback related. At times my service-events ...

  • Hi @spulika, I'm facing issues with event-options also, but in an SRX1500 in chassi cluster. The 1st thing I tried was with RPM and IP-Monitoring, but that worked fine only for adding remove routes, not changing configurations like I need because I ...

  • Add zone VPN host-inbound-traffic system-services ssh. Also, in general, you can use show security packet-drop records to see why traffic is being dropped. For more details, you can use monitor security flow (with a filter!!!) which will show you ...

  • Hey, not sure yet but apparently under security remote-access "default-profile" configuration was deprecated due to changes in how the profiles are named. Before you had profile name which you entered after the GW URL/IP Like Profile FullTunnel (users ...

  • Did you manage to resolve this? If not, I'd suggest 'downgrading' to 23.4R2-S3. It's perhaps a little too soon to be using v24 in production. Also, are you using vpn-monitor on the tunnels? If so, try removing it.

Announcements

  • Introducing Juniper Support Portal (JSP) Mobile App for iOS

    The Juniper Support Portal (JSP) Mobile App is now available for customer use on iOS platforms. The app is designed to provide mobile access for on-the-go service support. 

    What’s available?

    • Live Chat Support
    • Instant Notifications
    • Knowledge Base Access 

Unanswered Posts

  • 1 person recommends this.

Top Contributors in the Community