SRX Next-Gen Firewalls

 View Only
last person joined: 3 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance?  Check out these Juniper Resources.

Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins

Latest Discussion Posts

  • Hello folks, I see on my srxk5 rel21.2r3 that FXP0.0 is sending out ARP request for some not-used (not added in the configuration) IP addresses. Is that expected? Is there any way to deeply check this? Many thanks for your help

  • This message was posted by a user wishing to remain anonymous The Firefox web clients on the workstations are configured to use the firewall as explicit web proxy. The firewalls (in cluster mode) are configured to use the customer's proxy as an explicit ...

  • Out of curiosity, how come the return traffic is arriving on the node it didn't go out of? ------------------------------ Nikolay Semov ------------------------------

  • Hi Nikolay. Thank you for your insights. As I mentioned the reason we look into this is because we have uplinks to the Internet on both the secondary node and the primary node in an SRX cluster. When ICMP requst goes out the interface on the primary ...

  • Also, ICMP sessions are quite ephemeral. Or maybe I just can't think of a use case where an ICMP session has to survive for much longer than a couple of packets. So why bother syncing it up to the backup anyway. ------------------------------ Nikolay ...

  • ICMP session sync would prevent you from pinging your secondary node thought the primary (in cases where you have, say, different addresses on fxp0 and you're pinging the two boxes separately). Say your pint request arrives from a remote place via st0 ...

  • Sure thing. Worth posting for others to see -- because (as I didn't really highlight in my last reply) - The additional sub-CA servers were a change from the last time the cert on the SRX was re-newed 3mo ago. Like - literally a matter of weeks after ...

Announcements

  • Introducing Juniper Support Portal (JSP) Mobile App for iOS

    The Juniper Support Portal (JSP) Mobile App is now available for customer use on iOS platforms. The app is designed to provide mobile access for on-the-go service support. 

    What’s available?

    • Live Chat Support
    • Instant Notifications
    • Knowledge Base Access 

Unanswered Posts

Top Contributors in the Community