SRX Next-Gen Firewalls
Welcome!
If you have a question or a use case, likely there are others who are experiencing or worked through the same thing. Don't hesitate to jump in and ask or share your knowledge!
Need additional guidance? Check out these Juniper Resources.
Juniper Threat LabsSRX Upgrade Guide Security Advisories Technical Bulletins
Latest Discussion Posts
-
RE: How to do destination NAT with domain?
By: Nikolay Semov , 17 hours agoI usually use d-nat for inbound traffic and I've had situations where it would have been nice to have the d-nat pool entry be dynamic, but no the matched address. I'm curious, what is your use case? ------------------------------ Nikolay Semov ---- ...
-
ADSL - VDSL PPPoA config help
By: DARYLL SMITH , 18 hours agoI have an old config from a Cisco ASA which is here: interface Dialer1 ip address negotiated ip mtu 1452 encapsulation ppp ip tcp adjust-mss 1412 dialer pool 1 dialer-group 1 ppp mtu adaptive ppp authentication chap callin ...
-
RE: Problems with untagged traffic using flexible-vlan-tagging ...
By: Nikolay Semov , 18 hours agoUnfortunately, I think this is expected behavior. That is, native-vlan-id tells the device what to do with incoming untagged frames, but doesn't tell it not to tag outgoing frames on that vlan. That's counterintuitive and a bit silly, in my opinion, but ...
1 person recommends this. -
RE: VDSL2-A MPIM Configuration
By: DARYLL SMITH , 18 hours agoNot sure if this is still reaching anyone, fingers crossed.... I've closely copied this config, similar I'm moving from Cisco: interface Dialer1 ip address negotiated ip mtu 1452 encapsulation ppp ip tcp adjust-mss 1412 dialer pool 1 ...
-
RE: How to do destination NAT with domain?
By: vidar.stokke , 19 hours agoAhh... actually a nice suggestion to use scripts. Maybe using automation scripting that does a DNS lookup and updates a address-book entry regularly? ------------------------------ Best regards Vidar Stokke ------------------------------
-
I have two words for this. Anycast, broadcast. In an environment that untagged traffic is not working, you must consider the long run. We all assume that ipv4 broadcast kills us off the bat. Yes, that's true. But we don't think to question anycast. ...
-
RE: How to do destination NAT with domain?
By: Nikolay Semov , 2 days agoI suspect there are chip features that do NAT in hardware. I doubt they'll ever tie those rigid rules to something dynamic like DNS resolution. But ... perhaps commit script macros? (https://www.juniper.net/documentation/us/en/software/junos/automation-scripting/topics/concept/junos-software-automation-commit-script-macros.html) ...
Unanswered Posts
Top Contributors in the Community
-
1958 Points
-
344 Points
-
334 Points
-
138 Points