Category Archives: Juniper SRX

Packet capture on SRX for pass through traffic

Specify the file name and size of the file:

    set forwarding-options packet-capture file filename pcap_on_srx
    set forwarding-options packet-capture maximum-capture-size 150

Specify the source and destination which you want to capture:

    set firewall filter PCAP term 1 from source-address 192.168.1.1/32
    set …


Route based VPN on SRX

Create Tunnel interface:

    set security zones security-zone external interfaces st0.1
    set routing-options static route 172.16.1.1/32 next-hop st0.1
    set security ike proposal phase1-proposal-route-based authentication-method pre-shared-keys
    set security ike proposal phase1-proposal-route-based dh-group group2
    set security ike proposal phase1-proposal-route-based encryption-algorithm 3des-cbc
    set security …


NAT in SRX

Following is the topology:

Source NAT:

    set security nat source pool source-nat-pool address 10.2.2.3/32
    set security nat source rule-set source-nat-rule-set from zone internal
    set security nat source rule-set source-nat-rule-set to zone external
    set security nat source rule-set source-nat-rule-set rule rule-1 …


IPSec between ASA and SRX Policy based

Following is the topology: 12.12.12.0/24 is behind ASA and 192.168.4.0/24 is behind SRX.

SRX configuration:

    set security ike proposal phase-1-proposal authentication-method pre-shared-keys
    set security ike proposal phase-1-proposal dh-group group2
    set security ike proposal phase-1-proposal authentication-algorithm md5
    set security ike proposal …


Cluster status is disabled SRX

On an SRX, if the cluster status shows as disabled, it has to be resolved by a reboot.

    {disabled:node1}
    SRX> show chassis cluster status
    Cluster ID: 1
    Node                  Priority          Status    Preempt  Manual failover
    Redundancy group: 0 , Failover count: …


Juniper How to:

How to go to operational mode from the Unix shell in Juniper: If you are logged in as root, you can go to operational mode with the “cli” command. The following prompt is in root; after using cli it goes in …


Juniper SRX flow

A packet is considered to be part of a flow if it matches the following criteria:

- Source address
- Destination address
- Source port
- Destination port
- Protocol
- Unique session token number for zone and virtual router
