SRX Next-Gen Firewalls

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • I will try that Thank you ------------------------------ LUIZ CASTILHO ------------------------------

  • The RA clients shouldn't overlap with your other subnets. They're fine on 10.10.x.x. It's just that your remote SRX has no idea how to reach them. On the second question, yes, I think so. Seems easier to me. You have to add route to 10.10.x.x on the ...

  • Thank you for the answer So my clients should be on the 140 or 144 network? also you are recommending to setup the site to site VPN to be route base? ------------------------------ LUIZ CASTILHO ------------------------------

  • This is all being done on the SRX using the JunOS built-in method for handling ACME/LE certs. I have a ticket open with Juniper now... so they can figure out what broke. (I've literally followed the step-by-step out of the knowledgebase that got me ...

  • The client side does not use the machine cert store. You need to add the cert chain to the app, see: https://www.juniper.net/documentation/us/en/software/secure-connect/secure-connect-user-guide/topics/topic-map/overview-juniper-secure-connect-client.html ...

  • If you're manually copying cert files to the SRX, have you tried including the entire certificate chain (device cert, intermediate cert, root cert) in the file as opposed to just the device cert? I don't remember what order they were supposed to go in ...

  • PCAP: https://supportportal.juniper.net/s/article/Includes-video-How-to-create-a-PCAP-packet-capture-on-a-SRX-branch-device?language=en_US Have you enabled any kind of SSL inspection on the SRX? Other than that, maybe something MTU-related. That's all ...

Unanswered Posts

Top Contributors in the Community