The configuration needed to allow the connection would depend on a number of factors. So we would need some more information.
What is the device being polled by solar winds? SRX/MX/EX etc
Is the firewall you are needed to check an SRX?
Is this the endpont itself or just a transit firewall protecting the end point asset?
For SRX devices as the endpoint you would need to permit the connection in the security zone for the polled interface for the allowed protocols.
security security-zone ZONE_NAME host-inbound-traffic
For other Junos devices these will be open by default but might have a protect RE firewall filter that would need the term allowing the polling.
For a transit SRX protecting an asset you would look for an active flow being permitted not the ip address in the configuration.
show security flow session source-prefix 172.x.x.x/32
------------------------------
Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
http://puluka.com/home------------------------------
Original Message:
Sent: 07-04-2022 15:24
From: DIEUDONNE LEUMALEU FEUDE
Subject: firewall rule
Hello Guys,
i have a couple of firewall where the connection with the Solarwinds suddently stop with the ERROR: Running config: Connection Refused by 172.x.x.x(ip of the devices) could this be the problem with ACL or the firewall rules ?
during my investigation when i issued the command: #sh conf | display set | match IP (solarwinds ) there is no result from the devices.
Could the command #set firewall family inet filter ACL-Admin term SSH from source-address 10.X.X.X (ip of the solarwinds resolved the issue )?
Thanks in advance
------------------------------
DIEUDONNE LEUMALEU FEUDE
------------------------------