SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  DNS entries in firewall policies and the possibility to see TTL

    Posted 11 days ago

    Hi. 

    As mentioned in the article CEC Juniper Community, the SRX will do a DNS request to resolve the IP address for a DNS Host entry in a security policy. It will then keep this IP address for the DNS Host in the security policy until TTL expires. 

    We are currently seeing issues with this and I wonder if there is some way to see the TTL that the SRX has for a specific DNS Host in a security policy. As the article above mentions, you can see the record but not the TTL. 

     



    ------------------------------
    Best regards
    Vidar Stokke
    ------------------------------


  • 2.  RE: DNS entries in firewall policies and the possibility to see TTL
    Best Answer

    Posted 11 days ago

    I'm pretty sure show security dns-cache will give you what you're looking for.



    ------------------------------
    Nikolay Semov
    ------------------------------



  • 3.  RE: DNS entries in firewall policies and the possibility to see TTL

    Posted 10 days ago

    Once again you are absolutely right Nikolay. Thank you so much. 



    ------------------------------
    Best regards
    Vidar Stokke
    ------------------------------