Deprecated: Hook custom_css_loaded is deprecated since version jetpack-13.5! Use WordPress Custom CSS instead. Jetpack no longer supports Custom CSS. Read the documentation to learn how to apply custom styles to your site: in /var/www/ on line 6031
srx – Page 2 –

Category: srx

Hostname config in Chassis cluster

This is a small post to inform followers of this blog about a common mistake done in SRX cluster configuration. This is something I really need to write. A cluster has two various configuration stanza Node specific Global If you want to set something which is specific to only one node e.g node0 you configure
Read More »

Dual ISP failover with RPM ip-monitoring

Internet isn’t perfect and we may have link failures from time to time. How do we react to these failures? Manually or we have an automatic way. I would like to show on this post how Junos can take action upon an upstream gateway reachability issue and how SRX flow behaves in such a scenario.
Read More »

Address Books Explained

You can configure address book objects in various part of the configuration on SRX. Because we have several options, we need to know where we can use which address books. To explain address books simply, I have drawn the following graph. Group A This group contains the zone specific address book object and the configuration
Read More »

SRX AX411 Access Point Configuration

On SRX CLI, you can also manage AX411 Wireless Access Point. Configuration isn’t very difficult but if you don’t have prior experience it may look like a bit cumbersome. Below I will try to show how you can configure one of these access points if you ave just got one of these devices. This post
Read More »

SRX Transparent Mode

SRX can also function as a firewall device when it is in layer 2 mode i.e it can perform firewall functionality transparently. As of now there are certain limitations on transparent mode. If not changed already; You can either run the firewall in route mode or transparent mode but not mixed NAT and IPSEC aren’t
Read More »

flow trace without commit

On SRX, there is now a handy feature introduced in 12.1X46-D10. You can enable flow trace without going into configuration on the operational mode. I believe this will make troubleshooting easier as it saves time if you need to try different flow filters. Here is how you can enable a sample ICMP flow trace for
Read More »

Which Junos release to upgrade?

Upgrades are unavoidable I believe but we can ask ourselves the following upgrade related questions; when should we upgrade? why should we upgrade? to which release we should upgrade? I can just share my experience about these questions. As I have said, upgrades are unavoidable. If it isn’t due to a feature related bug, it
Read More »

IP Monitoring

In this post, I will show an example of how you can monitor a certain gateway for a specific route and if the gateway isn’t responding to ICMP requests, you can fail over to another gateway device. root@srx# run show route inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden) Restart Complete
Read More »

Source address selection in traceroute

Have you ever thought how the IP addresses are chosen/selected in icmp time exceeded error messages when you run a traceroute command? Recently I was analyzing an issue and this really made a difference in troubleshooting. I have done the analysis on an SRX firewall and a Linux device and I have got different results.
Read More »