Messages - akula

SRX Platform and J-series / ssh access from outside
« on: April 15, 2018, 09:27:57 pm »

A security policy allowing junos-ssh from outside to an internal server has been created.
But the SRX 550 does not seem to allow this particular traffic on port 22 when traffic is initiated from outside.

This is not to allow management access; it is to allow users to access this server on port 22.
Traffic can still be seen to the same destination IP on different ports, if tested.
Please suggest. Thanks.

Hello All,

I need some help with SRX firewall.
Currently, there is a security policy with some ports or application being used in it.
Another service (tcp-5210) needs to be added to it.
I created a custom application named tcp-5210 and did a commit, which was successful.
(I verified using sh application application command)

I need to get the following clarified, as I am doing Juniper again after a long gap.

How do I add this new port into the existing security policy without removing any other in-use application or ports?
I tried using insert application under the {edit security policy options}. But I fail to see my newly created tcp-5210
as an option under the applications. I do see all the other existing ports on it.

Appreciate if someone could please help me with this.

[security policies]
from-zone inside to-zone outside {
    policy apps {
        match {
            source-address any;
            destination-address host_public;
            application [ tcp_port_5000 tcp-2122 tcp-4244 tcp-65730 ];
        }
        then {

For some reason, I wasn't able to see tcp-5210 as an option when I was in edit mode to add it to the policy.
I want to add the newly created tcp-5210 to this policy's applications without deleting any of the other existing ones.
Appreciate all help. Thanks.

SRX Platform and J-series / windows server cluster is not coming up
« on: December 25, 2012, 01:26:17 am »



We have two SRX650s in HA mode.
This hosts the VLANs for certain server segments. The problem is, the Windows Active Directory cluster connected to this firewall comes online for a few hours and then goes offline without any reason.
No deny logs or noticeable problems are seen on the SRX.
Necessary filters for allowing the AD cluster to communicate with its server (in the LAN portion of the network) are in place and traffic can be seen flowing.

Surprisingly, the AD cluster comes back online as soon as the SRX is removed from the network and the setup is reverted back to the normal setup, without the firewall.
The normal setup is all servers connected to the network core devices without a firewall.

Appreciate any help over this weird issue. Thanks.

SRX Platform and J-series / Re: internet connectivity juniper srx650
« on: October 18, 2012, 03:11:36 am »
I have the cluster running fine. I was looking at help on the internet portion. Thanks

SRX Platform and J-series / internet connectivity juniper srx650
« on: October 18, 2012, 12:12:17 am »

I have two SRX650s in cluster mode. A single internet link will be connected to these two SRXs via a Cisco switch.

Please help me with the following:

1. configuration required on the Juniper ports (e.g. 2/0/8 & 11/0/8 of both SRXs) where the physical connection from the Cisco switch from the internet will be connected
2. configuration for nat translation to happen for internet bound traffic

Thanks in advance!

SRX Platform and J-series / Clustering not coming up on SRX 650
« on: October 04, 2012, 08:22:58 pm »

We have two SRX650s with identical specs to be connected together in HA.
I connected the ge0/0/1 interfaces on both devices to each other to act as the HA control.
There were a few configurations done on these devices before trying to configure HA.

After I followed the Juniper guide for HA setup, I get the following messages:

Loading configuration ...
Interface control process: [edit interfaces]
Interface control process:   'ge-0/0/0'
Interface control process:      HA management port cannot be configured
mgd: error: configuration check-out failed
Warning: Commit failed, activating partial configuration.
Warning: Edit the router configuration to fix these errors.

The output of sh chassis cluster status shows the nodes as lost and hold or so.
Please help to resolve and get the cluster up and running. Thanks!

SRX Platform and J-series / disabling NAT on juniper firewall
« on: September 09, 2012, 10:00:28 pm »

I have a network setup where a Juniper SRX240 is secondary firewall, as below:

LAN - Juniper - Cisco Firewall - Internet

Juniper firewall's LAN side is /24
Juniper WAN side is /24

Cisco firewall's LAN side is on the same subnet as Juniper
Cisco WAN side is

My requirement is that traffic starting from the LAN network should go through the Juniper firewall with the following requirements:

1. Local LAN traffic should not be NAT'd on the Juniper firewall
2. Apply rules on the Juniper LAN and WAN side for allowing only specific services
   Like: inbound - ftp service on one LAN server
         outbound - sftp service from one LAN server

Please help me on how to achieve this. I am new to Juniper.


SRX Platform and J-series / Re: Interfaces on SRX650
« on: September 09, 2012, 09:53:59 pm »
Thanks Fahim.
I see there are subinterfaces like Ge0/0/0.0. How are they to be used in Juniper?
Should I be configuring an IP address on this rather than the physical interface?


SRX Platform and J-series / Interfaces on SRX650
« on: September 06, 2012, 09:17:43 pm »

I am quite new to Juniper. We have an SRX650 with a 16-port GE card for additional ports and the 4 ports on the front panel.
I have certain doubts as below:

1. I need to assign and configure an interface connecting the WAN link to this SRX.
    Which interface (name?) in the web interface do I choose for that?
2. I also need to assign a Layer 3 interface for the user and application VLAN on this SRX.
    Which interface (name?) do I use for this purpose and how do I configure it?
3. Do I need to create a VLAN for the L3 interfaces? If so, how do I do that for creating a VLAN for users?
4. Is there any port which I can use as a management port (assigning an IP address) on this SRX?

Appreciate a reply.

SRX Platform and J-series / Juniper Srx firewall
« on: January 13, 2012, 09:08:55 am »
Hello Friends,

I am new to Juniper. My question is regarding the SRX240 firewall. Which certification track should I refer to if I need to learn about the configuration and troubleshooting steps for this firewall?
Any links will be helpful.

Thanks in advance.
