[j-nsp] SRX300 Issue

Niall Donaghy niall.donaghy at geant.org
Thu Jan 17 03:39:20 EST 2019


Hi Mohammad,

What Catalin said. Eg:

set security policies from-zone trust to-zone untrust policy permit-all match source-address any
set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
set security policies from-zone trust to-zone untrust policy permit-all match application any
set security policies from-zone trust to-zone untrust policy permit-all then permit
set security zones security-zone trust interfaces ge-0/0/7.0

set security policies from-zone untrust to-zone trust policy permit-all match source-address any
set security policies from-zone untrust to-zone trust policy permit-all match destination-address any
set security policies from-zone untrust to-zone trust policy permit-all match application any
set security policies from-zone untrust to-zone trust policy permit-all then permit
set security zones security-zone untrust interfaces ge-0/0/0.0

Br,
Niall

-----Original Message-----
From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Catalin Dominte
Sent: 17 January 2019 00:07
To: Eldon Koyle <ekoyle+puck.nether.net at gmail.com>; Mohammad Khalil <eng.mssk at gmail.com>
Cc: Juniper List <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] SRX300 Issue

Check your security policies as nothing is allowed by default with the SRX. 

Add permit statements, create security zones and add interfaces to security zones. Then it will work. 

Catalin Dominte 
Senior Network Consultant



Nocsult Ltd  | 2 Cambridge House  | Gogmore Lane | Chertsey | KT16 9AP | Phone: +44 (0)1628 302 007
VAT registration number: GB 180957674 |  Company registration number: 08886349
P Please consider the environment - Do you really need to print this email?

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the email and its attachments from all computers.

On 16/01/2019, 23:29, "juniper-nsp on behalf of Eldon Koyle" <juniper-nsp-bounces at puck.nether.net on behalf of ekoyle+puck.nether.net at gmail.com> wrote:

    Hello,
    
    I don't see any attachments.  It is possible that the list is
    configured to remove them.
    
    -- 
    Eldon
    
    On Wed, Jan 16, 2019 at 3:10 AM Mohammad Khalil <eng.mssk at gmail.com> wrote:
    >
    > Dears
    > Hope this finds you well
    > I have been struggling with a new Juniper SRX300 since a while with no luck
    > The setup is so easy , static IP address from the WAN
    > When connecting a laptop I can access the GW as well as the Internet
    > But the box itself is not even reaching the GW!
    > I did also an upgrade for the firmware
    > Attached is the current conf file
    >
    > Appreciate ur input
    > _______________________________________________
    > juniper-nsp mailing list juniper-nsp at puck.nether.net
    > https://puck.nether.net/mailman/listinfo/juniper-nsp
    _______________________________________________
    juniper-nsp mailing list juniper-nsp at puck.nether.net
    https://puck.nether.net/mailman/listinfo/juniper-nsp
    
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp


More information about the juniper-nsp mailing list