DDOS_PROTOCOL_VIOLATION_SET warning
All of a sudden, things may start to go wrong in your Juniper switches, and when you examine the logs you see the following:
I have written a small Python 3 script to convert SRX address books which are in zone-based format to global. There was already a ready script on the Juniper forums, but I saw it lacked duplicate address checks and it couldn’t connect to some SRX devices. Below is the link to the code and how it
Recently I upgraded dozens of SRX240H2 and SRX340 series Juniper firewalls, and around 10% of the SRX240H2 boxes crashed either during or after the upgrade, while none of the 340 series did. Although the 340 is a newer platform, I would like to be positive and believe that Juniper has improved both hardware and software quality. What
SRX can send logs in two formats: standard and structured. If you haven’t made any extra config, what you see in the traffic logs is usually the standard one. However, the structured one is easier to read and parse. Look, it is in the format field_name = field_value, so you can parse it or more friendly.
It can be annoying if you are new to SRX and your SSH connection towards the firewall keeps timing out. You can of course activate keepalive on your SSH client or play with the default SSH timeout on the SRX itself. First let’s see how we can check the current timeout. root@J200> start shell user
After a year of being away from SRX, I have noticed that I forgot the CLI command to set a static hostname to IP mapping. If you haven’t used this feature so far, it simply allows you to have a /etc/hosts file similar to what we have in Linux and here is how we set
One of the challenges for those who are new to SRX and deploy a dual ISP scenario is to keep the symmetry of the packet flow. A picture is worth a thousand words, so let’s have a look at what I am trying to say. I will explain each step to see how things may go different
There is one traceroute option which you might not have noticed so far: It is the monitor. I use this option during packet drop issues from time to time to see if there is any hop on the path which might be causing some drop or latency. It is extremely handy and you can also
After my SRX for beginners post became the most popular article of this blog, I decided to improve it a little bit as it is missing some vital information. Without talking too much, let’s summarize what we will do in this post: What is a flow session? How can we interpret a flow
I couldn’t really find a suitable topic for this post actually, but I will try to find answers for the following questions: How can we fragment an IP packet manually in Scapy? What does a fragmented packet look like, and where is the transport layer (TCP/UDP) header located? How do we forward fragmented packets, do