Category: srx

Chassis cluster file operations

There are a couple of handy commands which you can use if you have a JSRP cluster. For example, the following two commands can be used for copying a file or directory, e.g. from node0 to node1:

    > file copy /tmp/test_file.txt node1:/tmp/
    % rcp -T /tmp/test_file.txt node1:/tmp/

If you want to copy a directory you should also include

How to take packet capture in SRX

I wasn't planning to put my notes about packet capture here today, but I have got an issue with my ESX server's file upload component. I kept receiving "I/O Error" during a file upload to the datastore directly or during big (e.g. 1-2 GB) OVA file deployments. I took several captures with no positive result in the

Port mirroring in EX switches and SRX

If you want to mirror traffic entering and exiting a specific port (e.g. ge-0/0/11.0), you can use the following configuration to mirror the traffic to any other port (e.g. ge-0/0/10.0). Here is the configuration I wrote on an ex2200 switch.

Port mirroring in EX switches

    [edit ethernet-switching-options analyzer port-mirror]
    root@ex2200-1# show
    input {
        ingress {

SRX DHCP Configuration

DHCP configuration is very straightforward in Junos. However, if you are like me, you can even forget that the gateway address must be within the advertised pool. Here is a simple config:

    set system services dhcp default-lease-time infinite
    set system services dhcp domain-name rtoodtoo.net
    set system services dhcp name-server 8.8.8.8
    set system services dhcp name-server

LDAP configuration in SRX Dynamic VPN

I am writing in this post about how we can configure an OpenLDAP server on a Linux system and let Dynamic VPN users in SRX authenticate through it. As installing LDAP isn't covered in this post, please check your Linux distribution's documentation. My test system involves the following components, and path names may change depending on

SRX firewall filter

There are several ways of blocking certain types of traffic. One of them is a firewall filter. You may be asking why to use a firewall filter instead of a security policy. The reason is that a firewall filter is applied at a very early stage of packet processing and needs less processing power than security policies. You

SRX packet mode

Junos can operate in two modes, flow mode and packet mode, on the following devices: J-series services routers (I think after version 9.3; this is also called Junos enhanced services, junos-es) and SRX security devices. In the default configuration SRX devices work in flow mode, in which security policies are in place and, unless otherwise allowed, packets

Advanced commands

Here is a command I have just seen. The command takes you into the flow daemon (flowd) shell and allows several advanced troubleshooting options. It is worth looking into deeply.

    root@host> start shell pfe network fwdd
    BSD platform (OCTEON processor, 136MB memory, 1024KB flash)
    FLOWD_OCTEON(host vty)#

Packet debug in SRX

If you want to debug a packet flow, you can use the following config, by which the testdebug.log file will contain ICMP traffic debugs.

    [edit security flow]
    root@host# show
    traceoptions {
        file testdebug.log;
        flag basic-datapath;
        packet-filter look-icmp {
            protocol icmp;
        }
    }