[j-nsp] SkyATP SMTP Profile
Hi

I have a SkyATP Premium license and am managing the SRX5400 through Space SD 16.1. I am trying to configure the SMTP profile but didn't find SMTP profile configuration in the Sky portal, and there is no option to configure SMTP through the SRX CLI, as only HTTP is available.

Thanks
Mahmoud
___
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Netscreen-to-Junos Translation Tool
Hi

I was checking the portal for the Netscreen-to-Junos translation tool but it was not there; is it obsolete?

Thanks
Regards
Mahmoud
[j-nsp] Which versions of Space support Spotlight
Hi

I need to know which versions of Junos Space support Spotlight.

Thanks
Re: [j-nsp] Can I have multiple route-based VPN over multiple st0 interfaces
Hi

But the tunnels are peering with non-Juniper firewalls, so I didn't assign the st0 interfaces IP addresses. And since all st0 interfaces are unnumbered, I think one of them will borrow the external interface IP address.

On Friday, November 3, 2017, 4:21 AM, Hugo Slabbert wrote:

On Fri 2017-Nov-03 00:57:47 +, M Abdeljawad via juniper-nsp wrote:

>Hi
>I want to create three VPN tunnels with third party peers, I want to use
>route-based VPN with traffic selector as each tunnel has multiple
>destinations. So can I use multiple st0 interfaces "one for each tunnel"?

Yes; the routed IPSEC tunnels are bound to subinterfaces to st0, so e.g. st0.1 (unit 1), st0.2, st0.3, and so forth. Set that interface or the IP on the other end as your next-hop for whatever traffic you want to push through that particular tunnel (or run a routing protocol across it if that's preferred) and go to town.

>(As I have only one VPN tunnel up out of the three tunnels).

I don't understand this part. I don't see anything that would prevent you from having all of the tunnels up simultaneously unless you want to intentionally shut them for some reason.

--
Hugo Slabbert | email, xmpp/jabber: h...@slabnet.com
pgp key: B178313E | also on Signal
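An added example, not part of either post: one way the layout discussed above could look in Junos set commands, with one unnumbered st0 unit per third-party peer and one traffic selector per destination. All names, interfaces, peer addresses and prefixes are constructed placeholders, and the referenced IKE and IPsec policies are assumed to be defined elsewhere.

```junos
# Constructed example: peer addresses (203.0.113.0/24 documentation range),
# prefixes, zone and object names are placeholders, not values from the thread.
# ike-pol-peerN and ipsec-pol are assumed to be configured already.

# One unnumbered st0 unit per peer, all placed in a VPN security zone
set interfaces st0 unit 1 family inet
set interfaces st0 unit 2 family inet
set interfaces st0 unit 3 family inet
set security zones security-zone vpn interfaces st0.1
set security zones security-zone vpn interfaces st0.2
set security zones security-zone vpn interfaces st0.3

# One IKE gateway per third-party peer, all on the same external interface
set security ike gateway gw-peer1 ike-policy ike-pol-peer1
set security ike gateway gw-peer1 address 203.0.113.1
set security ike gateway gw-peer1 external-interface ge-0/0/0.0
set security ike gateway gw-peer2 ike-policy ike-pol-peer2
set security ike gateway gw-peer2 address 203.0.113.2
set security ike gateway gw-peer2 external-interface ge-0/0/0.0
set security ike gateway gw-peer3 ike-policy ike-pol-peer3
set security ike gateway gw-peer3 address 203.0.113.3
set security ike gateway gw-peer3 external-interface ge-0/0/0.0

# Each VPN binds to its own st0 unit; one traffic selector per
# local/remote prefix pair the peer expects as a proxy ID
set security ipsec vpn vpn-peer1 bind-interface st0.1
set security ipsec vpn vpn-peer1 ike gateway gw-peer1
set security ipsec vpn vpn-peer1 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-peer1 traffic-selector ts1 local-ip 10.10.0.0/24 remote-ip 172.16.1.0/24
set security ipsec vpn vpn-peer1 traffic-selector ts2 local-ip 10.10.0.0/24 remote-ip 172.16.2.0/24

set security ipsec vpn vpn-peer2 bind-interface st0.2
set security ipsec vpn vpn-peer2 ike gateway gw-peer2
set security ipsec vpn vpn-peer2 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-peer2 traffic-selector ts1 local-ip 10.10.0.0/24 remote-ip 172.17.1.0/24

set security ipsec vpn vpn-peer3 bind-interface st0.3
set security ipsec vpn vpn-peer3 ike gateway gw-peer3
set security ipsec vpn vpn-peer3 ike ipsec-policy ipsec-pol
set security ipsec vpn vpn-peer3 traffic-selector ts1 local-ip 10.10.0.0/24 remote-ip 172.18.1.0/24
```

After commit, `show security ike security-associations` and `show security ipsec security-associations` show which peers and selectors have negotiated.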
[j-nsp] Can I have multiple route-based VPN over multiple st0 interfaces
Hi

I want to create three VPN tunnels with third party peers, I want to use route-based VPN with traffic selector as each tunnel has multiple destinations. So can I use multiple st0 interfaces "one for each tunnel"?

(As I have only one VPN tunnel up out of the three tunnels).

Thanks
[j-nsp] SRX Dynamic-VPN multiple Address Pools
Hi

I am migrating from a Cisco VPN concentrator to SRX. Each group of users is assigned to a different address pool and accesses different resources, so I think I have to configure a separate access profile for each group of users and assign an address pool to each profile.

But the limitation I have is that I can reference only one profile under the dynamic-VPN "set security dynamic-vpn access-profile dyn-vpn-access-profile-1"

So, to recap: how can I assign different address pools to dynamic VPN clients?

Thanks
[j-nsp] SRX CPU fully Utilized after adding Space
Hi

We connected the Space as a VM server to manage the SRX5800 and send syslog, but we got the SRX RE CPU fully utilized due to an SSH flood sent from the Space to the SRX, as in the below captured messages from interface monitoring; "the space keeps sending SSH connection requests to SRX"

17:58:37.702244 Out IP truncated-ip - 28 bytes missing! 192.168.0.28.ssh > 192.168.1.152.60915: P 33520:33556(36) ack 24877 win 33304
17:58:37.702349 Out IP truncated-ip - 44 bytes missing! 192.168.0.28.ssh > 192.168.1.152.60915: P 33556:33608(52) ack 24877 win 33304
17:58:37.702475 Out IP truncated-ip - 44 bytes missing! 192.168.0.28.ssh > 192.168.1.152.60915: P 33608:33660(52) ack 24877 win 33304
17:58:37.702541 In IP 172.16.111.40.56351 > 192.168.0.28.ssh: . ack 183772 win 256
17:58:37.702554 In IP 192.168.1.152.60915 > 192.168.0.28.ssh: P 24877:25777(900) ack 33012 win 619
17:58:37.702558 In IP 192.168.1.152.60915 > 192.168.0.28.ssh: . ack 33100 win 619

Any idea?

Regards
Mahmoud
[j-nsp] HA Cluster Loopback Interface during failover
I have two SRX3600 connected as an A-P HA cluster, and there is a loopback interface used for VPN termination and assigned to redundancy-group-1. It's working in the primary firewall, but when I failover to the second firewall and then failover again to the first firewall, the loopback interface stops responding to ping requests from the internet and the VPN tunnels were down (although it was pingable from the peer gateway router). I got it working again after I powered off the second firewall!!

Is this a configuration related issue or maybe a software bug?

Regards
Mahmoud
[j-nsp] SRX self-generated traffic
Hello

I have three questions related to SRX self-generated traffic:

1- How to force the SRX self-generated traffic to get out to the internet through a certain link (suppose I have two internet connections)?
2- Is it possible to carry the self-generated traffic over a VPN tunnel terminated on the SRX?
3- Can we proxy the self-generated traffic to some proxy server?

Regards
Mahmoud
[j-nsp] Passing Traffic over SRX Cluster Fabric
Hi

I have two SRX Cluster, and the design requires that the traffic pass through the fabric link, but I noticed some drops on the traffic when traffic passes through the fabric link.

Is there a limitation for passing traffic over the fabric link? (The passing traffic size was around 500M, and the fabric link is 10G.)

Regards
Mahmoud
[j-nsp] SRX VPN in Virtual Router
Hi All

I have a question about SRX VPN support under a virtual router. There are two WAN links and each link is a member of a different virtual router (not inet.0), and the VPN tunnels must be established from both virtual routers.

Per my search I found two conflicting results, as below.

The below KB link mentions that it's supported, and the st0 interface and the IKE listener interface can be assigned to the custom virtual router.
http://kb.juniper.net/InfoCenter/index?page=content&id=KB21487

And the below document link mentions that the IKE listener must be a member of inet.0 for the VPN to work.
http://www.juniper.net/documentation/en_US/junos11.4/topics/concept/virtual-router-support-for-route-based-vpns.html

What if I used the Lo0 interface, assigned it to inet.0 and used it as the external VPN interface; is this a valid solution?

Regards
Mahmoud
[j-nsp] SRX High-end Packet mode
I have three questions about packet mode on high-end SRX firewalls:

- Is it supported on SRX high-end firewalls to switch the firewall to packet mode altogether using the below command, which is supported on branch firewalls? (set security forwarding-options family mpls mode packet-based)
- Is it supported on SRX high-end firewalls to partially convert some traffic to packet mode (selective packet forwarding using filters)?
- Is it possible to operate MPLS on SRX high-end firewalls without enabling packet mode?

Thanks
Regards
Mahmoud
[j-nsp] SRX Site-Site VPN, two sites have Dynamic IPs
I have a small customer requiring a VPN between two of the sites. The two sites have dynamic IP addresses; can I have a site-to-site VPN in this situation? Does SRX support the dyndns feature? Can I use it for establishing a site-to-site VPN? If not, what is the other option to suggest?

Regards,