Category: srx

Security logging is disabled

If you configure logging on SRX as below

    [edit]
    user@srx100-1# show security log
    mode stream;
    format sd-syslog;
    source-address 192.168.3.1;
    stream syslogsrv1 {
        severity info;
        format sd-syslog;
        host {
            192.168.103.20;
            port 514;
        }
    }

and issue the command

    user@srx100-1> show security log
    Security logging is disabled

Don’t panic! This command doesn’t tell you that your data

Global policy count in SRX

As far as I know, there is no single command to enable the policy count option globally, but you can do it via a group statement. Be aware that policy count is a performance-affecting feature, so think twice if your traffic volume is high. Here is how we can do it: groups { policy_count {

How to enable IPV6 in SRX?

If you run the following command on an SRX device, you will possibly see the following output

    root@srx> show security flow status
    Flow forwarding mode:
      Inet forwarding mode: flow based
      Inet6 forwarding mode: drop
      MPLS forwarding mode: drop
      ISO forwarding mode: drop
    Flow trace status
      Flow tracing status: off
    Flow session distribution
      Distribution

how to disable UTM in SRX

In an SRX device, even if you delete the UTM configuration, you may still see that control plane memory is above 80 percent. At least if I take my SRX100 device as an example:

    root@srx100-1> show chassis routing-engine
    Routing Engine status:
        Temperature 51 degrees C / 123 degrees F
        Total memory 1024 MB Max 666 MB

error: the routing subsystem is not running

If you haven’t seen this error message, you will see it one day when you are dealing with SRX chassis clusters. It may baffle you to have a firewall on which you can’t display routes. It is all because chassis cluster considers two nodes as a single data plane and routing functionality is

SRX for beginners

I was thinking if I should write a short article for beginners to quickly configure an SRX firewall. I don’t know how many people will find it useful but I hope it will be for those who use SRX for the first time in their life. Let’s get started. Our topology in this tutorial is

Static NAT in SRX

Today’s post is about static NAT configuration on an SRX firewall. I have the following topology, and the aim is to translate IP network 192.168.211.16/28 to 192.168.250.32/28 and vice versa. JGW1 SRX has 192.168.250.1 on its uplink-zone-facing interface and 192.168.211.1 on its trust-zone-facing interface, and the static NAT configuration for this setup is as

Port forwarding in SRX

In today’s post I would like to give an example of how to configure destination port forwarding on a Juniper SRX. For this purpose I am using an Ubuntu Linux host running a web service on TCP port 80 and an SRX firewall in front of it. Our aim is to forward any request arriving at the SRX box at

Bypassing flow daemon in SRX

Under normal circumstances if you have a policy from trust zone to transit zone in a network like in the diagram and if you create traffic, packets have to be processed by flow daemon after which a session is created. What if you want to bypass this daemon and only use the packet mode for

allow traceroute in SRX or not

If you have a restricted policy that you have enforced for your internal clients but you want to allow traceroute requests from your internal clients towards another network you can do it as follows I suppose. You can create the following application and apply it on your security policy. [edit applications] root@srx100-1# application custom-traceroute {