Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - wpj

Pages: [1] 2 3 4 5 6 ... 9
SRX Platform and J-series / Re: Policy Based Route
« on: January 03, 2016, 10:55:55 pm »
IF THE SERVER is on the internet like in your diagram then just Nat the traffic to the internet and make it easy on your self.

Switches / Re: where to buy EX2200?
« on: December 30, 2015, 08:49:03 pm »
Its called grey market typically handled by charging a recertification cost equal to one year service or a site visit for any chassis based systems.  You shouldn't have an issue

Routers / Re: Dual ISP routing issue with BGP protocol.
« on: December 30, 2015, 08:42:42 pm »
Can you describe your issue?

Switches / Re: EX3300 doesn't show static routes in J-web
« on: December 30, 2015, 08:39:26 pm »
I think this is a known issue, check the PR database.

Switches / Re: What is the max. number of 1GbE ports on EX4600?
« on: December 30, 2015, 08:34:10 pm »
You can use any optic on all ports however I think there is a power limit on copper sfp and the switch can only Handel 12 copper sfp plus remaining optical.

Hope this helps

Unless you have the fiber only switch you can use either the vcp ports on the back or for longer distances you can use the uplink module and then use either 1g or 10g sfp,s

I hope this helps

Is this for a cluster srx or stand alone

Marketplace / For Sale FS: AX411 I have 4 Ax411 for sale.
« on: June 30, 2013, 09:10:10 am »
Hey all I have 4 ax411 for sale. 

shipping from Canada asking 300+shiping.

poe does not work.  You will have to power by dc adapter port.

let me know of you have any questions.

SRX Platform and J-series / Re: SRX with 2 ISPs, any thoughts
« on: December 02, 2011, 08:29:16 am »
This does work now I am doing in it in a number of SRX finally.

Switches / Re: VLAN SWAP
« on: June 29, 2011, 05:44:41 pm »
you can do a VLAN ID rewrite to accomplish this

SRX Platform and J-series / Re: Destination NAT for GRE on SRX
« on: November 29, 2009, 08:55:20 pm »

I have a MIP (screenos) setup on our SRX which allows PPTP+GRE traffig in for mthe internet back to a Microsoft RRAS host on the network andit works just fine.

what are you trying to do?


SRX Platform and J-series / SRX with 2 ISPs, any thoughts
« on: September 29, 2009, 09:40:13 pm »
OK in Screen OS here is what I did

Untrust-vr = main isp
untrust2-vr = backup isp
trust-vr = internal routing

I exported the default route form each untrust and untrust2 and them imported both default routers into the trust-vr and played with the metrics so that I have them failover,

we also run vpn tunnels down each isp to the data center and ospf on them for fail over, used the backup isp as the primary data center connection and the primary isp as the backup for the data center this way both isp'd were always in full use.

now to do this in JunOS on the SRX.....where do I begin or is there a better option???



hard code your interface settings that fixed it for me

NSM / Re: NSMXpress.....Inside or Outside
« on: December 14, 2008, 08:03:21 am »

thanks for the input...i am kind of the same mind set and that is where i have it now.  the pain is everytime i provision a device i have to set the mip address. is there  any place to default it to the mip otherwise i think i will get another small block of ips and route to it off of my ssg's.

all of or almost all of the devices it wil be managing will not be internal but other customers devices so they will only be managable from the external interface hence my issue with always getting the mip....

one thing which is a pain all of my initial test devices will no longer communicate to it even after changing there address this is since i removed it from my lab and into the dc.

also i noticed you are a jncia-nsm? i didn't think that there was an nsm exam is it in beta? i would like to have a look at it if it is i wll ask my se to get me on it.

have you heard of the jncie-fw exam??

NSM / NSMXpress.....Inside or Outside
« on: November 19, 2008, 07:46:11 pm »
I am just installing and NSMXpress at out colo, and I am tryign to fiur eout best placement inside or outside fo the firewalls....we will be adding devices from outside out VPNs so I would need a MIP form the untrsut inside so is it safe to jsut leave it outside of the firewall or should it be inside my Monitoring-DMZ



I wonder if I woudl have better luck with getting a new block of IP's, creatieng loopbacks for them all in a zone and just routing to the loopback and then one for each customer

Ok as I am already going to be giving them thre own VR, that sounds Ok for the first few until i run out of VR's

with this I would have to assign another physical port to the ip thought and have both of them plugged into the upstream isp?

can you show me your ocnfig via PM?


OK I tried this but not working

I have untruist ip set to
I then enambed ignore-ipsubnet
then added aloop back of
and I am unable to ping or https to it and those features are tiurned on on the interface

it can be reached form the insdie but not externally on the internet

any thoughts


ok god thought but can the loopback be a /32 and be in the same subnet as the standard external interface and still work correctly

i know i can turn of the ip overlap check

your thoughts


ok i amputting together a nsrp clster of boxes at our data center for a bunch of my clients as a hub in there hub and spoke vpn

i lready hve bandwith monitoring on a per is from my ustream provider

what i want to know is s there anway  to terminate each customer on a unique  ip on the external interface ie is my external ip but i want customer 1 vpns to termiante on and so on is there anything i can do?

Pages: [1] 2 3 4 5 6 ... 9