Author: rtoodtoo
Worked for more than 10 years as a Network/Support Engineer and also interested in Python, Linux, Security and SD-WAN
// JNCIE-SEC #223 / RHCE / PCNSE
SRX can also function as a firewall device when it is in layer 2 mode, i.e. it can perform firewall functionality transparently. As of now there are certain limitations on transparent mode. If not changed already, you can either run the firewall in route mode or in transparent mode, but not mixed. NAT and IPSEC aren’t
In the previous post, I wrote about UTM Webfiltering. This post will provide a basic configuration example of Sophos Antivirus. Below is the simple topology we will use in this lab.

[edit]
root@srx# show security utm feature-profile anti-virus
type sophos-engine;
sophos-engine {
    profile sophos-prof {
        fallback-options {
            content-size log-and-permit;
            engine-not-ready permit;
            out-of-resources permit;
            too-many-requests
On SRX, you can configure different types of web filtering. In this post, I would like to talk about Local Web Filtering and Enhanced Web Filtering. The topology of our setup is below. Obviously, we will filter HTTP requests sent by the PC towards the Internet.
On SRX, there is now a handy feature introduced in 12.1X46-D10. You can enable flow trace from operational mode without entering configuration mode. I believe this will make troubleshooting easier, as it saves time if you need to try different flow filters. Here is how you can enable a sample ICMP flow trace for
I must say that network troubleshooting is not an easy task, especially if you need to analyze thousands of packets in packet captures or thousands of lines of flow traces. IP ID is the field I use most of the time to compare captures taken at different segments. It is also a crucial field for me to
I wasn’t aware of the VYOS security device until I was searching for a virtual Vyatta appliance. Then I learned that Vyatta was actually acquired by Brocade and that after that a community fork of Vyatta, which is now VYOS, was brought to life. VYOS uses strongswan for IPSEC, and in this post I will show
Upgrades are unavoidable, I believe, but we can ask ourselves the following upgrade-related questions: when should we upgrade? Why should we upgrade? To which release should we upgrade? I can just share my experience on these questions. As I have said, upgrades are unavoidable. If it isn’t due to a feature-related bug, it
This post shows a simple destination NAT rule with which you can redirect your clients’ HTTP requests to a transparent Squid proxy. In this topology our client device’s HTTP requests will be redirected to our Squid proxy server, i.e. hostF won’t need any config for its requests to be proxied.
In this post, I will show an example of how you can monitor a certain gateway for a specific route and, if the gateway isn’t responding to ICMP requests, fail over to another gateway device.

root@srx# run show route 172.1.1.0/24
inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
Restart Complete
Starting from the 12.1X46-D10 release, SRX has a new feature called traffic selector. Details of the feature can be found on the Juniper page here. In a nutshell, it is similar to the proxy-id but has some major differences. By using proxy ids we can even establish two IPSEC tunnels to the same tunnel end point or