Routing

 View Only
last person joined: 2 days ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
  • 1.  Is it normal we can see ssh attempt in log message on EX4650 even it already do protect-re?

    Posted 07-19-2023 16:00

    Hi all,

    Is anyone here can verify in your existing EX switch whether it's normal we still can see ssh log attempt in log messages even we already do some protect-RE that allow certain prefix that can ssh only and apply on loopback interface? Because i compare in MX series it should not see SSH attempt in the log message if we already apply protect-RE in loopback interface.

    Thanks and appreciate any feedback to make sure it not issue and it as per design on EX series.



  • 2.  RE: Is it normal we can see ssh attempt in log message on EX4650 even it already do protect-re?

     
    Posted 07-20-2023 04:48

    Hi,

    I'm not aware of design difference that would lead to this, so:

    1. Can you please share the SW version used?
    2. Are you using the exact same protect-RE firewall filter on EX than on the MX you're comparing with?
    3. Do you have (or can add) count or even log actions to the fwf terms to see if the firewall filter is matching at all / which terms?
    4. Can you remove one address from the allowed (internal) prefixes and test whether that allows you to reproduce the issue?

    Regards

    Ulf




  • 3.  RE: Is it normal we can see ssh attempt in log message on EX4650 even it already do protect-re?

    Posted 07-20-2023 11:22

    Hi @Ulf

    My EX4650 using junos version21.4R3-S3.4. Currently JTAC test in their lab with same config with for firewall filter but they cannot get same behaviour like me. The junos version on JTAC lab was 21.4R3-S2 . I'm waiting JTAC to upgrade their junos version same like me and they will retest again,

    Thanks