View Only
last person joined: yesterday 

Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  firewall rule

    Posted 07-04-2022 15:25
    Hello Guys,
    i have a couple of firewall where the connection with the Solarwinds suddently stop with the 

    ERROR: Running config: Connection Refused by 172.x.x.x(ip of the devices) could this be the problem with ACL or the firewall rules ?
    during my investigation when  i issued the command: #sh conf | display set | match IP (solarwinds ) there is no result from the devices. 
    Could the command #set firewall family inet filter ACL-Admin term SSH from source-address 10.X.X.X (ip of the solarwinds resolved the issue )?

    Thanks in advance



  • 2.  RE: firewall rule

    Posted 07-04-2022 18:52
    The configuration needed to allow the connection would depend on a number of factors.  So we would need some more information.

    What is the device being polled by solar winds? SRX/MX/EX etc

    Is the firewall you are needed to check an SRX?

    Is this the endpont itself or just a transit firewall protecting the end point asset?

    For SRX devices as the endpoint you would need to permit the connection in the security zone for the polled interface for the allowed protocols.
    security security-zone ZONE_NAME  host-inbound-traffic

    For other Junos devices these will be open by default but might have a protect RE firewall filter that would need the term allowing the polling.

    For a transit SRX protecting an asset you would look for an active flow being permitted not the ip address in the configuration.
    show security flow session source-prefix 172.x.x.x/32

    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)