Category: srx

SRX240 and SRX340 failure rates

Recently I upgraded dozens of SRX240H2 and SRX340 series Juniper firewalls and around %10 of SRX240H2 boxes either crashed during upgrade or after upgrade and none on 340 series. Although 340 is a newer platform, I would like to be positive and believe the fact that Juniper has improved both hardware and software quality. What
Read More »

SRX standard and structured syslogging

SRX can send the logs in two formats standard and structured. If you haven’t made any extra config, what you see in the traffic logs is usually standard one. However structured one is easier to read and parse. Look, it is in the format field_name = field_value, so you can parse it or more friendly.
Read More »

SRX Tips: Default application timeouts

It can be annoying if you are new to SRX and your SSH connection towards the firewall keeps timing out. You can of course activate keep alive on your SSH client or play with the default ssh timeout on SRX itself. First let’s see how we can check the current timeout. root@J200> start shell user
Read More »

SRX Tips: Static Host Mapping

After a year of being away from SRX, I have noticed that I forgot the CLI command to set a static hostname to IP mapping. If you haven’t used this feature so far, it simply allows you to have a /etc/hosts file similar to what we have in Linux and here is how we set
Read More »

How to avoid flow asymmetry on SRX

One of the challenges for those who are new to SRX and deploy a dual ISP scenario is to keep the symmetry of the packet flow. One picture worths thousand words so let’s have a look at what I am trying to say. I will explain each steps to see how things may go different
Read More »

SRX for beginners #2

After my srx for beginners post has become the most popular article of this blog, I have decided to improve it a little bit as it is missing some vital information. Without talking too much let’s summarize what we will do in this post What is a flow session? How can we interpret a flow
Read More »

Fragmented IP packet forwarding

I couldn’t really find a suitable topic for this post actually but I will try to find answers for the following questions: How can we fragment an IP packet manually in scapy How does a fragmented packet look like and how the transport layer (TCP/UDP) header is located How do we forward fragmented packets, do
Read More »

Hostname config in Chassis cluster

This is a small post to inform followers of this blog about a common mistake done in SRX cluster configuration. This is something I really need to write. A cluster has two various configuration stanza Node specific Global If you want to set something which is specific to only one node e.g node0 you configure
Read More »