Dual IKE gateway with OSPF

I would like to share some of my IPsec testing, which I hope is very close to a real-life example. Below is the topology of this lab. The J41 device is the IPsec hub and the J23 and J21 devices are spokes. What I wanted to achieve is if J23 loses connectivity with the primary IKE end point
Read More »

IP Multicast in SRX Packet mode

I have been playing with a multicast setup in SRX packet mode for a few days. I am not very familiar with multicast, and reading multicast documents doesn’t really help me much as long as I don’t set up a lab in which I can do a real-life example. Below is my topology I used
Read More »

SRX Inventory

For troubleshooting purposes I find the file /var/log/inventory quite useful. You know why? If you haven’t displayed this file so far, go and run the command

    >show log inventory
    Jan  1 00:16:44 CHASSISD release 10.4R4.5 built by builder on 2011-05-06 06:19:27 UTC
    Jan 1 00:16:44 FPC - part number 750-111111, serial number ATXXXXXXX

With this
Read More »

MPLS label allocation failure

I was playing with a test MPLS network today and I saw that my LSP wasn’t up. When I checked with the show mpls command, I saw the following “MPLS label allocation failure” message. Then I checked the 192.168.23.1 router to troubleshoot the issue. The issue was again I forgot to enable mpls
Read More »

Port forwarding with new static nat feature

Starting with Junos 11.4R5 (if I remember correctly), you can also forward ports with static NAT configuration. We were able to do this only with the destination NAT feature, but it was a bit clunky in comparison to this feature. Configuration is pretty straightforward. You redirect the port number “80” in destination-port statement to the
Read More »

SRX routing engine low memory

If your SRX device has 1GB memory and you are using IDP and/or Antivirus then you may play with the memory allocation a bit with a new feature introduced in 11.4. As I always do, I will show it by an example. Here is my SRX100 memory utilization:

    root@srx100-1> show chassis routing-engine
    Routing Engine status:
Read More »

Security logging is disabled

If you configure logging on SRX as below

    [edit]
    user@srx100-1# show security log
    mode stream;
    format sd-syslog;
    source-address 192.168.3.1;
    stream syslogsrv1 {
        severity info;
        format sd-syslog;
        host {
            192.168.103.20;
            port 514;
        }
    }

and issue the command

    user@srx100-1> show security log
    Security logging is disabled

Don’t panic! This command doesn’t tell you that your data
Read More »

Global policy count in SRX

As far as I know there is no single command to enable the policy count option globally, but you can do it via a group statement. Be aware that policy count is a performance-affecting feature, so think twice if your traffic volume is high. Here is how we can do it:

    groups {
        policy_count {
Read More »

Scripting commands in Junos

One of the things that I need during troubleshooting sessions is to run a specific command at regular intervals. Instead of doing this manually you can create a tiny script to run your command every second for you. Here is how you can do it:

    while [ 1 ]
    do
    cli -c "show route receive-protocol
Read More »

How to enable IPv6 in SRX?

If you look at the following command’s output in an SRX device, you will possibly see the following output

    root@srx> show security flow status
      Flow forwarding mode:
        Inet forwarding mode: flow based
        Inet6 forwarding mode: drop
        MPLS forwarding mode: drop
        ISO forwarding mode: drop
      Flow trace status
        Flow tracing status: off
      Flow session distribution
        Distribution
Read More »