Category: srx

some things about policies/sessions

1) An ICMP packet occupies a session entry in SRX.
2) There is an intra-zone policy applied by default, so packets belonging to the same zone but arriving on different interfaces cannot traverse unless there is an intra-zone policy permitting them.
3) If the policy doesn't allow a packet, it cannot be seen in monitor traffic.

trim on output

Today I learned a handy option of the show command which is particularly useful when debugging trace files. For example, if you display a debug file:

host>show log debug.log
Apr  8 21:36:29 21:36:28.1118827:CID-0:RT:packet [60] ipid = 60723, @4094a01c
Apr  8 21:36:29 21:36:28.1118978:CID-0:RT:---- flow_process_pkt: (thd 3): flow_ctxt type 13, common flag 0x0, mbuf 0x40949e80, rtbl_idx = 0
Apr  8

SRX cluster

You can find step-by-step instructions to set up an SRX firewall chassis cluster on different branch models. Before starting your cluster config, please make sure you have installed the JTAC recommended release, which you can find at http://kb.juniper.net/KB21476. Please note that the instructions below belong to several branch models, each of which has

SRX policy-rematch

Today I played with policies in SRX and made a policy change which is supposed to block SSH traffic from internal clients to outside networks. I made the change and committed the configuration, but I saw that my SSH connection was still alive and the connection wasn't dropped. However, when I disconnected and tried to reconnect,