30 Levels of NAT Lab #2 – Juniper SRX100s
Well, I had the chance again to play with lots of firewalls, so I did. A customer had ordered more than 30 SRX100s for clustered branch deployments so I took the opportunity to ask for permission to pull 30 of them out of boxes and reproduce my 30 levels of NAT lab. It’s never the [ View Post… ]
Juniper SRX Chassis Cluster RG0 Nagios Check
I was required to check (as this customer did not have a trap collector) which node was active for redundancy group 0 on an SRX cluster. So I thought I would check for an SNMP OID that is only presented by the active RG0 node. This script uses snmpwalk and is configured to use SNMP v2c [ View Post… ]
SRX Branch Chassis Cluster Ports
Here is a table of the ports that are used for chassis cluster control link and management ports on Branch SRX devices. The quoted ports are the ‘stand alone’ non-clustered port names (not node1’s port names once clustered). In an SRX cluster the PIM slots on node1 start at the last PIM slot of [ View Post… ]
Juniper SRX Screens + Dynamic VPNs
Little tip with SRX Dynamic VPNs and ‘security screens’ on the VPN’s ingress zone I stumbled across during my JNCIE-SEC study. UPDATE (20120401): Seems Juniper has addressed and fixed this bug … More info: http://kb.juniper.net/InfoCenter/index?page=content&id=KB21713&actp=RSS It seems you cannot have the ‘IP Spoofing’ screen enabled when sending IPSec Dynamic VPN traffic ingressing into the zone with [ View Post… ]
SRX110 and ADSL2+
So work was awesome this year and bought me an SRX110 for Xmas. I thought that I would share: to configure its vDSL interface to use ADSL (with Australian VPI and VCI), you just configure the interface as if it was an ADSL PIM. Here is the config: [plain] set interfaces at-1/0/0 description "ADSL Interface" [ View Post… ]
JUNOS AppSecure now on Branch SRXs
So application identification / firewall / secure has made its way to the branch. This is awesome news. So I have managed to obtain a 30 day trial to see how it performs on my home SRX100. With my simple rule base I have seen 1ms increase in my latency!! After adding the license you [ View Post… ]
MiToken + Junos Two Factor Radius Authentication
Do you have Junos devices? If you do, excellent choice. Do you have MiToken? Once again, love your work there. If you don’t have MiToken, it’s a plug-in to the M$ IAS/NPS servers that allows multiple types of hard and soft tokens to be used allowing secure OTPs with dual factor authentication with your Active [ View Post… ]
Juniper SRX Chassis Cluster + LACP Redundant Eth Interfaces
So a co-worker and I spent some time playing around with JunOS 11’s (I believe it came in with 11 – correct me if wrong) reth’s ability to now be LACP interfaces, as well as just plain redundant. It was not immediately clear how the switch was required to be set up in order to [ View Post… ]