SRX

 View Only
last person joined: 5 days ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX1400 a new installation

    Posted 05-24-2018 03:43

    Dear all,

     

       I have a new SRX1400 configuration, after i finish configuration i connect a Laptop interface to ge 0/0/0 , but i cannot reach ge 0/0/0 IP Address from my Laptop and also cannot reach my Laptop IP address from ge 0/0/0 , that is my configuration:

     

    Laptop interface ip address: 192.168.3.1

     

    admin@CIG-HQ# run show configuration
    ## Last commit: 2018-05-24 11:18:27 UTC by admin
    version 12.3X48-D30.7;
    system {
    host-name CIG-HQ;
    root-authentication {
    encrypted-password "$1$7q9.bQor$DL82Udw7QTglbnw8QKaLE1"; ## SECRET-DATA
    }
    login {
    user admin {
    uid 2000;
    class super-user;
    authentication {
    encrypted-password "$1$zCoWnNIU$ybHRtNyEddKjVv2BPO3oW/"; ## SECRET-DATA
    }
    }
    }
    services {
    ssh;
    telnet;
    web-management {
    http;
    }
    }
    }
    interfaces {
    ge-0/0/0 {
    unit 0 {
    family inet {
    address 192.168.3.3/24;
    }
    }
    }
    ge-0/0/1 {
    unit 0 {
    family inet {
    address 192.168.33.3/24;
    }
    }
    }
    fxp0 {
    unit 0 {
    family inet {
    address 192.168.1.1/24;
    }
    }
    }
    }
    snmp {
    community public {
    authorization read-only;
    }
    }
    routing-options {
    static {
    route 0.0.0.0/0 next-hop 192.168.3.1;
    }
    }

    [edit]
    admin@CIG-HQ#

     

     

    admin@CIG-HQ# run ping 192.168.3.3
    PING 192.168.3.3 (192.168.3.3): 56 data bytes
    64 bytes from 192.168.3.3: icmp_seq=0 ttl=64 time=0.247 ms
    64 bytes from 192.168.3.3: icmp_seq=1 ttl=64 time=0.159 ms
    64 bytes from 192.168.3.3: icmp_seq=2 ttl=64 time=0.167 ms
    64 bytes from 192.168.3.3: icmp_seq=3 ttl=64 time=0.174 ms
    ^C
    --- 192.168.3.3 ping statistics ---
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 0.159/0.187/0.247/0.035 ms

     

     

    [edit]
    admin@CIG-HQ# run ping 192.168.3.1 source 192.168.3.3
    PING 192.168.3.1 (192.168.3.1): 56 data bytes

     


    #JUNOS
    #SRX
    #firewall
    #Juniper


  • 2.  RE: SRX1400 a new installation

    Posted 05-24-2018 04:08

    as the SRX name says it is not a router it is a firewall, thus you need to

    either put it to packet-mode, then it behaves like a router

    or

    you need to configure zones and host in bound services

     

    regards

    alexander

     

    PS: Day One book about SRX up and running from juniper website can be a help



  • 3.  RE: SRX1400 a new installation

    Posted 05-24-2018 05:39

    thx for repling,

    okay i removed a Laptop and i add L3 Cisco switch,  i am also unable to ping from switch interface 0/25 to srx ge 0/0/0 interface.

     

     

    this is switch interface configuration:

     

    interface GigabitEthernet0/25
    no switchport
    ip address 192.168.3.1 255.255.255.0

     

     



  • 4.  RE: SRX1400 a new installation
    Best Answer

    Posted 05-24-2018 06:22

    Like Alexander mentioned, the SRX is a firewall by default and not a router.  The SRX interfaces will not process any traffic until they are assigned to security zones, the appropriate inbound traffic is permitted, and security policies are defined.  You will need to properly set up the 'security' portion of the config with all of those features before traffic will flow.  Or, you can set the device into packet mode and it will perform standard routing functions, but you lose all firewall functionality.

     

    The SRX Day One book available at https://www.juniper.net/us/en/training/jnbooks/day-one/srx-up-running/index.page should walk you through everything you'll need to configure.