This article summarizes how to update the roll back configuration and OS on the backup partition (/altroot) on Junos devices running version 10.0 and higher image. To update OS and configurations saved on the backup partition of dual root device, use the "request system snapshot slice alternate" command. Starting with Junos version 10.0, SRX and J series routers have two … [Read more...]
How to automatically trigger failover of redundancy-group 0 and redundancy-group 1 at the same time on a chassis cluster
This article discusses how failover of redundancy-group 0 (RG0) and redundancy-group 1 (RG1) be automatically triggered at the same time on a chassis cluster. Some protocols, such as the Unified Threat Management (UTM) feature, are currently only supported in an active/passive cluster scenario whereby both RG0 and RG1 need to be primary on the same node. How can Ithe user … [Read more...]
How to configure SRX to allow multiple Junos Pulse connections from the same user
This article provides information on how to simultaneously connect one user from different locations to the same SRX device by using multiple Junos Pulse connections. Currently, Junos Pulse does not have the support for allowing multiple connections from the same user. When a user tries to logon by using his/her credentials via Junos Pulse, SRX allows the connection. But … [Read more...]
Can an IPsec VPN tunnel be terminated when the external interface belongs to a routing instance?
Unable to terminate an IPSec VPN tunnel, when the external interface belongs to a routing-instance. Assume the following: Ge-0/0/2 is the external interface with the 1.1.1.2/30 IP address. Remote IPSec peer is 2.2.2.2. You want to route traffic from the 10.10.10.0/24 virtual router LAN to the 10.10.20.0/24 remote LAN. Both the internal LAN and external Internet … [Read more...]
Import routes from the default routing table into other routing instance tables using policies
This article describes the procedure for importing all the routes of a default routing table, inet.0, into the routing instances on SRX and J Series devices. The Problem: When a term is added in the routing-policy and is specified with a from-condition, it does not give the instance name to import from: [edit] # set policy-options policy-statement … [Read more...]
How is the virtual MAC address derived for reth interfaces on J-Series and SRX?
How is the virtual MAC address derived for reth interfaces on J-Series and SRX? A reth interface is used with JSRP clustering on J-Series and SRX. Reth interfaces use two member links of which one is active for a redundancy group at any given time. As such reth interfaces have their own virtual MAC address which differs from the physical MAC address of each member link. The … [Read more...]
Configuration Example – Virtual Routers
This article provides information about the use of Virtual Routers in SRX series platforms, including a sample scenario and configuration example. You are asked to separate several remote branch locations by attaching them to separate SRX devices. You have only one SRX device and must accomplish this objective virtually. In Junos Software, a Virtual Router is a type … [Read more...]
How to enable VPN (IKE/IPsec) traceoptions for only specific SAs (Security Associations)
This article provides a method to filter the IKE/IPsec traceoptions to aid in troubleshooting VPN issues. This is the Junos OS equivalent of the sa-filter command on ScreenOS devices. Enabling IKE/IPsec traceoptions when working with multiple VPNs can impact troubleshooting efforts as follows: Additional problems may be seen such as tunnel buildup latency Increased … [Read more...]
How to add SRX Chassis Clusters into NSM
How to add SRX Chassis Cluster into NSM. 1. Logon to NSM. 2. Click Device Manager > Devices. 3. Right-click Devices, click New, and then click Cluster. 4. Fill the following fields to add the cluster: Cluster Name Color OS Name Junos OS Type Platform Manages OS Version 5. Once you have added the cluster, add each device separately. Add the … [Read more...]
Dynamic DNS (DDNS) Support on DNS ALG
The Dynamic DNS (DDNS) updates may be dropped by the DNS ALG, as they are not supported by the DNS ALG for ALL SRX series as of Junos 11.1. The Junos 11.1 Release Notes specify in the SRX Known Limitations that the on SRX5800 devices, the DDNS updates might be dropped by DNS ALG as they are currently not supported by DNS ALG. The DNS ALG is enabled by default. When it is … [Read more...]