Re: [j-nsp] what is different sd-syslog and syslog format ?

2014-04-17 Thread Klaus Groeger
Hi sd-format is Truppe size :) Syslog format is comma delimited position defined, SD format is always parameter=value like this: , destibation-address="123.234.211.1", destination-port="25", etc. Klauzi  — Sent from Mailbox for iPhone On Thu, Apr 17, 2014 at 9:55 AM, bruno wrot

Re: [j-nsp] what is different sd-syslog and syslog format ?

2014-04-17 Thread Klaus Groeger
sorry should be triple not Truppe
On Thu, Apr 17, 2014 at 11:05 AM, Klaus Groeger wrote:
> Hi
> sd-format is Truppe size :)
> Syslog format is comma delimited position defined, SD format is always
> parameter=value like this:
> , dest

Re: [j-nsp] Are IRB interfaces still not functional under SRX?

2014-04-05 Thread Klaus Groeger
On SRX branches one configures:
interfaces {
    vlan {
        unit 123 {
            family inet {
                address 192.168.123.1/24
            }
        }
    }
    ge-0/0/0 {
        unit 0 {
            family ethernet-switching
                vlan {

Re: [j-nsp] SRX240 and SRX550 Web Filtering Capacity

2013-12-30 Thread Klaus Groeger
There is only internal performance information, confidential. Try to fetch a Juniper SE, who can provide you with the relevant info. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mai

Re: [j-nsp] Policy-based IPSec tunnel and static routing

2013-11-22 Thread Klaus Groeger
In policy based VPN just rely on default route, which points out the interface and zone where the VPN's outgoing interface resides. The packets have to hit the policy between the internal and external zone, then are injected to the VPN. No additional route is needed. Klaus

Re: [j-nsp] SRX Source NAT internal users to two or more public IPs

2013-07-19 Thread Klaus Groeger
Hi you search for persistent nat: http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/understand-persistent-nat-section.html But configuring split src-NAT isn't such a burden. Just go to your src-nat rule set and insert a second rule, that

Re: [j-nsp] SRX Source NAT internal users to two or more public IPs

2013-07-19 Thread Klaus Groeger
Sry, wrong link, here's the correct one http://www.juniper.net/techpubs/software/junos-security/junos-security96/junos-security-swconfig-security/configuring-persistent-address-pool-example.html#configuring-persistent-address-pool-example On Fri, Jul 19, 2013 at 7:08

Re: [j-nsp] EX2200 Series

2013-07-01 Thread Klaus Groeger
You need the EFL (Enhanced Feature License) to run OSPF v1/v2 on 2200, and yes, it only supports four interfaces. Don't know if an aggregated IF (ae0 LAG) counts as one. Link: http://www.juniper.net/techpubs/en_US/junos11.4/Tonics/concept/ex-series-software-licenses-overview.html Rega

Re: [j-nsp] SRX to vshield lan2lan

2013-06-20 Thread Klaus Groeger
Hi
usually it's the mismatching PSK which generates this message.
Klaus
On Thu, Jun 20, 2013 at 6:39 PM, bizza wrote:
> Hi all,
> does anyone has setup a lan to lan ipsec vpn between juniper srx and vmware
> vshield?
> I tried various configuration, but I

Re: [j-nsp] SRX to vshield lan2lan

2013-06-20 Thread Klaus Groeger
Did you assign the st0.x interface to a zone?

Re: [j-nsp] Inter-racks switch routing recommended practice

2013-06-09 Thread Klaus Groeger
Edward, AFAIK one needs EFL to run AFL not vice versa: http://www.juniper.net/techpubs/en_US/junos12.3/topics/concept/ex-series-software-licenses-overview.html Regards Klaus

Re: [j-nsp] OSPF OID reply

2013-05-14 Thread Klaus Groeger
Hi.  looks like the OID is a trap that could be sent by Juniper devices. I would say, if one sends a trap like this towards a Juniper device, the target will not react in any way.  http://www.juniper.net/techpubs/en_US/junos10.0/information-products/topic-collections/config-guide-network-mgm/

Re: [j-nsp] Srx 240 ipsec site to site

2013-05-12 Thread Klaus Groeger
Hi you may not resolve the issue with auto vpn, because the main problem is:  both sites are assigned the IPs dynamically - via dhcp or whatever. If both sites do not know the peer's IP address, they cannot establish a tunnel.  In ScreenOS, one has the option to use hostname instead of an IP a

Re: [j-nsp] Srx 240 ipsec site to site

2013-05-07 Thread Klaus Groeger
Hi, have to check if using a hostname as peer address works with 12.1x44. But in 11.4 it is not possible. As soon as one uses a hostname as peer address the SRX resolves the IP address and puts it in the config. Still waiting for all the neat little features, that made ScreenOS such a strong s

Re: [j-nsp] J/SRX ICMP handling

2013-04-24 Thread Klaus Groeger
Hi Dale
just give "set security flow allow-icmp-without-flow" a try
Regards
Klaus
On Thu, Apr 25, 2013 at 7:35 AM, Dale Shaw wrote:
> Hi all,
> This post relates to a previous post of mine on asymmetrically routed
> UDP traffic:
> https://puck.nether.net/

Re: [j-nsp] SNMP on logical-system fxp0

2013-04-20 Thread Klaus Groeger
Hi the fxp0 interface is bound to the RE, which always resides in the first logical system and is bound to the default routing table or master table, which is inet.0. All route lookups regarding the RE start in inet.0. Just put all your productive interfaces in a separate virtual router and

Re: [j-nsp] VC-port over Ethernet

2013-04-15 Thread Klaus Groeger
some strange behavior I was observing recently, but I was
> too busy fixing it, so I didn't run much tests.
> I plan to setup small lab for that. I will let you know of the outcome.
> nick
> On Sun, Apr 14, 2013 at 4:33 PM, Klaus Groeger wrote:
>> Hi
>>
>> I woul

Re: [j-nsp] VC-port over Ethernet

2013-04-14 Thread Klaus Groeger
Hi
I would recommend Q-in-Q on the intermediate switch. I have seen 4550 VC spanning over metro Ethernet, so this should work for 3300 also.
Regards
Klauzi
On Sat, Apr 13, 2013 at 9:21 PM, Nick Kritsky wrote:
> Dear J-NSP,
> Can anyone confirm/deny if two EX