[j-nsp] How useful is Juniper storm control?

2013-05-14 Thread James S. Smith
I'm looking for people's experience with storm control on Juniper switches. We have a pair of EX4500 switches and I notice that storm control kicks in a lot. I'm concerned that it might be stopping legitimate broadcast and multicast traffic. Before we put in these Juniper switches into the ne

Re: [j-nsp] Inserting security policies on SRX

2013-05-02 Thread James S. Smith
Is something funny going on with the mailing list? I sent this original email 2 years ago. Also saw a bunch of other emails get sent out that people had sent from 2009 and 2010 From: Michael Loftis [mailto:mlof...@wgops.com] Sent: May-01-13 10:28 AM To: James S. Smith Cc: juniper-nsp

Re: [j-nsp] Inserting security policies on SRX

2013-05-01 Thread James S. Smith
Never mind, answered my own question. Didn't realize you have to define the policy first and let it be added to the bottom of the list, and then use the insert statement to move it. James S. Smith Network Architect WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7

[j-nsp] Inserting security policies on SRX

2013-05-01 Thread James S. Smith
zone. When trying to insert a new policy the SRX complains the policy does not exist. jsmith@fw01# insert security policies from-zone it_staff to-zone untrust policy it_staff-untrust-windows-rdp before policy it_staff-untrust-default error: statement 'it_staff-untrust-windows-rdp' not f

Re: [j-nsp] SRX3600 weirdness

2013-04-27 Thread James S. Smith
I’ve been able to make some more sense of the problem. After clarifying a few things with the database admins, the issue isn’t sending mail. It’s some ticketing system that receives email approves, so it’s constantly checking an Exchange mailbox. That’s where the IMAP traffic comes in. After

Re: [j-nsp] SRX3600 weirdness

2013-04-23 Thread James S. Smith
I found that a bit strange myself, but we log all traffic flows through the firewall and the only communication going on was on port 993. -Original Message- From: Andrew Miehs [mailto:and...@2sheds.de] Sent: April-23-13 7:40 PM To: James S. Smith Cc: juniper-nsp@puck.nether.net Subject

[j-nsp] SRX3600 weirdness

2013-04-23 Thread James S. Smith
Just in the process of finishing a project of migrating subnets behind an SRX3600, and we've run into some odd behavior. We have a database subnet outside the firewall, and an exchange server subnet behind the firewall. A database server uses IMAP4 over SSL (TCP 993) to send emails to Exchan

Re: [j-nsp] EX Switch Question

2013-01-10 Thread James S. Smith
Just avoid the 4500 if you need anything less than 1G copper. The ports on the 4500 won't negotiate to 10 or 100. I was told by the sales engineer that this switch is a "top of rack" switch so it doesn't support anything less than 1G. I found that funny since I have a whole rack of Avaya gear

Re: [j-nsp] Weird SRX flow timeout issue

2012-11-12 Thread James S. Smith
Might not be an issue, but have you turned off the ALG for SQL? We've found that most of the Juniper ALGs cause a lot of problems in general and it's better to just turn them off, especially for long running queries. You'll never see anything in the logs, even if it's the cause of your problem

Re: [j-nsp] SRX3600 and NAT

2012-04-26 Thread James S. Smith
routers. James S. Smith Network and Security Architect WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7 Email: jsm...@windmobile.ca Direct: 416-640-9792 Fax: 416-987-1203 www.windmobile.ca www.twitter.com/WINDmobile www.facebook.com/WINDmobile THAT'S THE POW

Re: [j-nsp] SRX3600 and NAT

2012-04-26 Thread James S. Smith
How many SPU cards do you have in the box? I'd be interested to know other people's experiences with the application inspection for various databases. I usually turn the ALG for the off because the DBAs complain that long queries are getting terminated, even after tweaking the timeouts. - O

Re: [j-nsp] Off-topic: terminal concentrators

2011-06-23 Thread James S. Smith
We use a Cisco 2811. It's 1U, uses the same async NMs and WICs as the 3640s, and will handle 32 serial ports (might actually be more). James S. Smith, Network and Security Architect, Juniper Networks Certified Associate WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J

Re: [j-nsp] Alarm for non-existent PEM

2011-06-20 Thread James S. Smith
sold us this SRX. Since I've been dealing with Juniper directly and doing my own research I haven't had any gotchas. James S. Smith, Network and Security Architect, Juniper Networks Certified Associate WIND Mobile 207 Queen's Quay West, Suite 710 Toronto, ON M5J 1A7 Email:

[j-nsp] Alarm for non-existent PEM

2011-06-20 Thread James S. Smith
un 19 01:31:02 PIC (fpc 14 pic 0) message operation: delete. ifd count 0, flags 0 in mesg Jun 19 01:31:02 pic_handle_message_idl: PIC fpc 14 pic 0 got deleted Jun 19 01:31:02 Clearing scc context Jun 19 01:31:05 send: red alarm clear, device PEM 0, reason PEM 0 Not OK James S. Smith, Network

Re: [j-nsp] SRX policy action to inject a route in a table??

2011-03-17 Thread James S. Smith
Have you looked into an inline IPS in front of the SRX to just block misbehaving hosts? I've had a lot of success with this. - Original Message - From: juniper-nsp-boun...@puck.nether.net To: juniper-nsp Sent: Thu Mar 17 18:04:36 2011 Subject: [j-nsp] SRX policy action to inject a rou

[j-nsp] VPN between SRX with dynamic IP address to Cisco ASA

2011-03-17 Thread James S. Smith
I'm having a bit of trouble with this configuration: I have an SRX 240 (JunOS 10.0R3.10) that is connected to the Internet with a CX-111. The CX-111 has a 3G stick for its Internet. The SRX receives a DHCP address on ge-0/0/0.0 and can reach the Internet without a problem. I'd now like to s

Re: [j-nsp] Qfabric

2011-02-24 Thread James S. Smith
I have the same question. From the sounds of it, we could replace our SAN with this? I know that would be a hard sell to the SAN guys. - Original Message - From: juniper-nsp-boun...@puck.nether.net To: Derick Winkworth Cc: juniper-nsp@puck.nether.net Sent: Thu Feb 24 17:32:39 2011

Re: [j-nsp] OSPF IMPORT POLICIES

2010-12-02 Thread James S. Smith
Just thinking about hacks, one way that might work would be to set up static routes on the devices where you don't want these routes. For example: set routing-options static route 192.168.123.0/24 reject Since this is a static it will be preferred over the OSPF routes. -Original Message--

Re: [j-nsp] OSPF IMPORT POLICIES

2010-12-01 Thread James S. Smith
I don't see this as being possible. The whole point of OSPF is to provide consistent routing data across all routers in the area. If Juniper allowed filtering of internal routes being imported then that model could be broken. Everything I've read says JunOS can't filter internal routes from be