[j-nsp] SRX300 Issue

Hugo Slabbert hugo at slabnet.com
Thu Jan 17 16:49:29 EST 2019


Poster noted:

> When connecting a laptop I can access the GW as well as the Internet
> But the box itself is not even reaching the GW!

Sounds like either host-inbound-traffic or policies for the junos-host zone 
may be in order.

-- 
Hugo Slabbert       | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E   | also on Signal

On Thu 2019-Jan-17 08:39:20 +0000, Niall Donaghy <niall.donaghy at geant.org> wrote:

>Hi Mohammad,
>
>What Catalin said. Eg:
>
>set security policies from-zone trust to-zone untrust policy permit-all match source-address any
>set security policies from-zone trust to-zone untrust policy permit-all match destination-address any
>set security policies from-zone trust to-zone untrust policy permit-all match application any
>set security policies from-zone trust to-zone untrust policy permit-all then permit
>set security zones security-zone trust interfaces ge-0/0/7.0
>
>set security policies from-zone untrust to-zone trust policy permit-all match source-address any
>set security policies from-zone untrust to-zone trust policy permit-all match destination-address any
>set security policies from-zone untrust to-zone trust policy permit-all match application any
>set security policies from-zone untrust to-zone trust policy permit-all then permit
>set security zones security-zone untrust interfaces ge-0/0/0.0
>
>Br,
>Niall
>
>-----Original Message-----
>From: juniper-nsp [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Catalin Dominte
>Sent: 17 January 2019 00:07
>To: Eldon Koyle <ekoyle+puck.nether.net at gmail.com>; Mohammad Khalil <eng.mssk at gmail.com>
>Cc: Juniper List <juniper-nsp at puck.nether.net>
>Subject: Re: [j-nsp] SRX300 Issue
>
>Check your security policies as nothing is allowed by default with the SRX.
>
>Add permit statements, create security zones and add interfaces to security zones. Then it will work.
>
>Catalin Dominte
>Senior Network Consultant
>
>
>
>Nocsult Ltd  | 2 Cambridge House  | Gogmore Lane | Chertsey | KT16 9AP | Phone: +44 (0)1628 302 007
>VAT registration number: GB 180957674 |  Company registration number: 08886349
>P Please consider the environment - Do you really need to print this email?
>
>THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the email and its attachments from all computers.
>
>On 16/01/2019, 23:29, "juniper-nsp on behalf of Eldon Koyle" <juniper-nsp-bounces at puck.nether.net on behalf of ekoyle+puck.nether.net at gmail.com> wrote:
>
>    Hello,
>
>    I don't see any attachments.  It is possible that the list is
>    configured to remove them.
>
>    --
>    Eldon
>
>    On Wed, Jan 16, 2019 at 3:10 AM Mohammad Khalil <eng.mssk at gmail.com> wrote:
>    >
>    > Dears
>    > Hope this finds you well
>    > I have been struggling with a new Juniper SRX300 since a while with no luck
>    > The setup is so easy , static IP address from the WAN
>    > When connecting a laptop I can access the GW as well as the Internet
>    > But the box itself is not even reaching the GW!
>    > I did also an upgrade for the firmware
>    > Attached is the current conf file
>    >
>    > Appreciate ur input
>    > _______________________________________________
>    > juniper-nsp mailing list juniper-nsp at puck.nether.net
>    > https://puck.nether.net/mailman/listinfo/juniper-nsp
>    _______________________________________________
>    juniper-nsp mailing list juniper-nsp at puck.nether.net
>    https://puck.nether.net/mailman/listinfo/juniper-nsp
>
>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp


>_______________________________________________
>juniper-nsp mailing list juniper-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/juniper-nsp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20190117/3a0494e4/attachment.sig>


More information about the juniper-nsp mailing list