[j-nsp] SRX and http/https proxy

Benoit Plessis b.plessis at doyousoft.com
Tue Dec 12 05:38:54 EST 2017


Hi,

We have recently bought an SRX345 cluster with IDP licensing and i'm a
bit baffled by something a bit "stupid".

The SRX will need regular download over the internet for the IDP
database, however, by principle i setup the system so that the admin
interface has a limited network connectivity (by use of a separate
routing-instance for the main trafic).

So i looked for a way for the SRX to use a web proxy (squid, ffproxy)
for thoses operations.

According to the documentation & configuration it is supported (system
proxy server / system proxy port) however of the 4 download "use-case" i
tested (request system licence update, request security idp
security-package download, request system license add, file copy) only
the first (request system licence update) does "try" to respect and use
the system proxy, and even there it doesn't correctly communicate with
the proxy for "https" requests.

I tried with 17.3R1.10, 12.1X46-D15.3, 12.3X48-D40.5 with the same
result each time.


A case is pending openning over juniper support but the support contract
of the SRX345 isn't openned yet, so i though of reaching over there,
does anybody know anything on the subject ?

Regards,
Benoit Plessis



More information about the juniper-nsp mailing list