how to disable UTM in SRX

In an SRX device, even if you delete the UTM configuration you may still see that control plane memory is above 80 percent. At least if I take my SRX100 device as an example; root@srx100-1> show chassis routing-engine Routing Engine status: Temperature 51 degrees C / 123 degrees F Total memory 1024 MB Max 666 MB

Trunk between Cisco, EX switch and SRX

Today I needed to test communication between a Cisco switch and EX switch to carry traffic via a trunk port from a PC to the final destination SRX device. I thought it is worth putting my config here for future reference as I am not working with Cisco/EX switches much. Above is my exact topology

Configuring virtual router

I just want to talk briefly about how you can configure a simple virtual router in Junos. For this I have drawn a physical and a logical view of my simple topology. In the physical view, you can see that there is only one SRX but logically there is actually one virtual router connected from interface

error: the routing subsystem is not running

If you haven’t seen this error message, you will see it one day when you are dealing with SRX chassis clusters. It may baffle you to have a firewall on which you can’t display routes. It is all because of the fact that chassis cluster considers two nodes as a single data plane and routing functionality is

Junos per packet load balancing

If you have two or more equal-cost paths to the same destination, JunOS behavior is to pick one of the next-hops and use that one. For example in the following scenario, Junos keeps sending the packets via the ge-0/0/0.41 interface. root@R4> show route 172.16.1.0 inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0

Effect of MRU setting on EX Switch

MRU (Maximum Receive Unit) has a close relation to MTU but as far as I can see it has different effects in various active devices. For example setting an MTU value of 1000 on an Ethernet interface of a Linux machine or an SRX box doesn’t prevent the larger packet from being accepted. However if

MTU and PMTU on JunOS

I would like to talk about a couple of things in this post about MTU on JunOS: Why do we have two different MTU settings, i.e. at interface and logical level? What is the meaning of path MTU discovery on a Junos box? How is MTU important for OSPF? Actually it all started with my OSPF tests

JWEB and Dynamic VPN page

There seems to be some confusion about how JWEB and the dynamic VPN authentication page work in parallel. I hope to give some tips I know in this post. For example, if you have the following config, what does it really mean for JWEB? [edit] root@srx# show system services web-management { https { system-generated-certificate; interface

GRE tunnel configuration in SRX

I will configure GRE (Generic Routing Encapsulation) between two Juniper SRX firewall devices. If you want to learn more about the protocol see RFC2784. I will just demonstrate how two networks can be connected to each other via a tunnel. I will also show how SRX security policy should be configured in order to pass

SRX reset button for factory/rescue configuration

I will briefly write about the Branch SRX alarm LED and reset button in this post. 1) Alarm LED Today when I deleted my rescue configuration via; > request system configuration rescue delete command, then minutes later I noticed that the alarm LED on the front panel turned to amber. First I couldn’t guess that alarm is