Tag: SRX

Junos: vSRX Interface Un-Alignment Recovery

Follow the steps below to re-align the network interfaces on the vSRX appliance. This misalignment can happen if you have been using a release older than D62.

How to recover.
1. Shut down node0 and node1
2. Remove all NICs
3. Power up node0 and node1; when they reach config loading, power off node0 and node1
4. Add 3 NICs to node0 and node1 and power on the nodes
5. Check the cluster status; node0 and node1 should see each other and the fabric link should be up and working

If you require more network interfaces to be added to your appliance, follow the KB in the link below

http://www.juniper.net/techpubs/en_US/vsrx15.1x49/topics/task/configuration/security-vsrx-vmware-adding-interfaces.html#jd0e206

If you are making changes to network firewalls, ensure that you have a backup and a revert plan as a precaution.

Junos: vSRX D62 Update Released

Okay, the clustering bug fix has now been released. Please use the following links to download the update:

https://download.juniper.net/cust-svc/srx/junos-vsrx-15.1X49-D62-domestic.tgz
https://download.juniper.net/cust-svc/srx/junos-vsrx-15.1X49-D62-domestic.tgz.md5

 

PR 1181269 – vSRX: Vmware interface reordering issues

PR 1201267 – High CPU % on httpd over Multiple Jweb sessions

PR 1228547 – SRX is not sending serial number to Policy Enforcer

PR 1214802 – Web Filter may crash with black or white lists

PR 1210689 – Anti-Malware connection failures after several RG0/RG1 failover

PR 1213584 – Reth interfaces that have only one link on one node may break sessions on failover and fail back

Junos: Hidden Commands Monitor Interface Traffic

Found a useful command today that allows you to capture interface traffic and dump it into a pcap file, and you can even view the content of the file within the SRX CLI.

To Start Traffic Monitoring

user@srx> monitor traffic interface ge-0/0/1.0 write-file test.pcap

To View Capture File

user@srx> monitor traffic read-file test.pcap

Junos: Adding a new node to Chassis Cluster

Today I have been playing with the vSRX range from Juniper. I had broken one of the nodes, and instead of repairing the VM it was much easier to re-provision the vSRX VM and add it back into the configured cluster.

First of all, spin up a new vSRX VM and run the following:

# Enter configuration mode
edit
# Go to the top of the configuration hierarchy
top
# Delete the entire configuration (answer "yes" at the confirmation prompt)
delete
# Set the root password on the appliance (the CLI prompts for the password)
set system root-authentication plain-text-password
# Commit the otherwise empty configuration
commit
# Exit to operational mode
exit
# Join the node to the cluster
set chassis cluster cluster-id <0-255> node <0-1>
# Reboot the node
request system reboot

Once the node has rebooted, check the cluster status by running the following command:

show chassis cluster status
Junos: Opening Up Ports on a vSRX

A quick guide to show you how to open ports on your vSRX running Junos for outbound traffic

Define Applications

set applications application TCP-587 destination-port 587 protocol tcp description "Secure SMTP"
set applications application TCP-993 destination-port 993 protocol tcp description "Secure IMAP"

Define Destination Addresses

set security address-book global address Office365-OutLook dns-name outlook.office365.com
set security address-book global address Office365-SMTP dns-name outlook.office365.com

Create a Security Policy

set security policies from-zone trust to-zone untrust policy Office365 match source-address any destination-address Office365-SMTP application [ TCP-587 TCP-993 ]
set security policies from-zone trust to-zone untrust policy Office365 match source-address any destination-address Office365-OutLook application [ TCP-587 TCP-993 ]
set security policies from-zone trust to-zone untrust policy Office365 then permit
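
An added example, not part of the original post: a small Python check that reads the set commands above, merges repeated match statements into one policy as Junos does, and reports permit policies that match any source, have no session logging, or reference objects that are not defined. The function names and the finding categories are assumptions of this example.

```python
import shlex
# The seven "set" commands from the post (bracket spacing normalised).
PAGE_CONFIG = '''\
set applications application TCP-587 destination-port 587 protocol tcp description "Secure SMTP"
set applications application TCP-993 destination-port 993 protocol tcp description "Secure IMAP"
set security address-book global address Office365-OutLook dns-name outlook.office365.com
set security address-book global address Office365-SMTP dns-name outlook.office365.com
set security policies from-zone trust to-zone untrust policy Office365 match source-address any destination-address Office365-SMTP application [ TCP-587 TCP-993 ]
set security policies from-zone trust to-zone untrust policy Office365 match source-address any destination-address Office365-OutLook application [ TCP-587 TCP-993 ]
set security policies from-zone trust to-zone untrust policy Office365 then permit
'''
FIELDS = ("source-address", "destination-address", "application", "then")

def parse(config):
    """Collect defined objects and merge each policy's match/then statements."""
    apps, addrs, policies = set(), set(), {}
    for line in config.splitlines():
        tok = shlex.split(line.replace("[", " [ ").replace("]", " ] "))
        if tok[:3] == ["set", "applications", "application"]:
            apps.add(tok[3])
        elif tok[:5] == ["set", "security", "address-book", "global", "address"]:
            addrs.add(tok[5])
        elif tok[:4] == ["set", "security", "policies", "from-zone"]:
            # Key is "from-zone A to-zone B policy NAME"
            pol = policies.setdefault(" ".join(tok[3:9]), {f: set() for f in FIELDS})
            field = None
            for t in tok[9:]:  # repeated "set" lines accumulate, as on the device
                if t in FIELDS:
                    field = t
                elif field and t not in ("[", "]"):
                    pol[field].add(t)
    return apps, addrs, policies

def audit(config):
    """Return findings for permit policies; junos-* applications are predefined."""
    apps, addrs, policies = parse(config)
    out = []
    permits = {n: p for n, p in policies.items() if "permit" in p["then"]}
    for name, p in permits.items():
        if "any" in p["source-address"]:
            out.append(f"{name}: permits any source address")
        if "log" not in p["then"]:
            out.append(f"{name}: permit without session logging")
        for a in sorted(a for a in p["application"] - apps - {"any"} if not a.startswith("junos-")):
            out.append(f"{name}: application {a} is not defined")
        for a in sorted((p["source-address"] | p["destination-address"]) - addrs - {"any"}):
            out.append(f"{name}: address {a} is not defined")
    return out

if __name__ == "__main__":
    print("\n".join(audit(PAGE_CONFIG)))
```

Run against the post's configuration, it reports the any-source match and the missing logging; replacing `source-address any` with an address-book entry for the mail clients and adding `then log session-close` to the policy clears both findings.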