SRX Next-Gen Firewalls


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Welcome!

If you have a question or a use case, there are likely others who are experiencing or have worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!

Need additional guidance? Check out these Juniper Resources.

Juniper Threat Labs, SRX Upgrade Guide, Security Advisories, Technical Bulletins

Latest Discussion Posts

  • Out of curiosity, how come the return traffic is arriving on the node it didn't go out of? ------------------------------ Nikolay Semov ------------------------------

  • Hi Nikolay. Thank you for your insights. As I mentioned, the reason we look into this is because we have uplinks to the Internet on both the secondary node and the primary node in an SRX cluster. When ICMP request goes out the interface on the primary ...

  • Also, ICMP sessions are quite ephemeral. Or maybe I just can't think of a use case where an ICMP session has to survive for much longer than a couple of packets. So why bother syncing it up to the backup anyway. ------------------------------ Nikolay ...

  • ICMP session sync would prevent you from pinging your secondary node through the primary (in cases where you have, say, different addresses on fxp0 and you're pinging the two boxes separately). Say your ping request arrives from a remote place via st0 ...

  • Sure thing. Worth posting for others to see -- because (as I didn't really highlight in my last reply) - The additional sub-CA servers were a change from the last time the cert on the SRX was renewed 3mo ago. Like - literally a matter of weeks after ...

  • Sounds like a nasty surprise, especially if you have many clients... Glad you got it working, and thanks for posting the update. ------------------------------ Nikolay Semov ------------------------------

  • It turns out - what you mentioned was a derivative of this. (no thanks to JTAC - they were still scratching their heads when I figured this out) So - LetsEncrypt ADDED some sub-CA servers in the path. Those needed to be added to the SRX... but then ...

Announcements

  • Introducing Juniper Support Portal (JSP) Mobile App for iOS

    The Juniper Support Portal (JSP) Mobile App is now available for customer use on iOS platforms. The app is designed to provide mobile access for on-the-go service support. 

    What’s available?

    • Live Chat Support
    • Instant Notifications
    • Knowledge Base Access 
