Within this article we will look at the two ways in which to NAT traffic. Source NAT Pool This examples provides the commands required to configure source NAT via the use of a pool and ACL. This allows you to source NAT a number of internal hosts behind the ADX to a single IP address. … Read more
Below shows the necessary steps/commands to create a policy based VPN on a Juniper SRX series gateway. The main difference with a policy based VPN is that the tunnel action is defined within each security policy. Note : For troubleshooting steps please see here This VPN is configured with the following : Remote Endpoint : … Read more
Within this tutorial we will be showing you how to configure Remote Access VPN (Dynamic VPN) on the Juniper SRX. IKE Configure Aggressive Mode set security ike policy ike-dyn-vpn-policy mode aggressive set security ike policy ike-dyn-vpn-policy proposal-set standard Define Preshared Key set security ike policy ike-dyn-vpn-policy pre-shared-key ascii-text <PRE-SHARED KEY> Configure the IKE Gateway Here … Read more
Below shows the necessary steps/commands to create a route based VPN on a Juniper SRX series gateway. The main difference with a route based VPN is that a tunnel interface is created and assigned to your external interface. Any traffic that you wish to encrypt is routed to this tunnel interface. Access to and from … Read more
The Juniper SRX offers 3 main types of NAT. These are source, destination and static. In this article we will be providing explanations and configuration examples for each. Source NAT As the name suggests source NAT translates the source IP address. There are 2 main types of source NAT these are: Interface NAT – Traffic … Read more
Nested CSW rules provides the ability to perform Boolean (AND, OR etc) based conditions on standard csw rules. Within this example we will be : Redirecting any request that has a host header of ‘PRODUCTION.example.com’ and containing a URL request for /FOLDER/index.html to ‘/REDIRECT/index.html’ Balancing any request that has a host header of ‘STAGING.example.com’ and … Read more
Within this tutorial we will be providing the steps required to upgrade your Juniper SRX firewall. Copy Image First of all we copy the image over to the SRX via the use of scp. In this case I have used putty’s pscp. C:\Windows\System32>pscp “C:\Users\admin\Downloads\junos-srxsme-11.4R1.6-domestic.tgz” root@[SRX IP]:/mfs Confirm Hash Next we confirm that the file is … Read more
Below shows the necessary commands to capture ARP packets on a Cisco ASA Firewall. Syntax ASA(config)# capture arp ethernet-type arp interface dmz Display ASA(config)# show capture arp2 packets captured 13:12:23.478229 arp who-has 10.1.1.1 tell 10.1.1.10013:12:26.784194 arp who-has 10.1.1.1 tell 10.1.1.1002 packets shown
Below provides a short guide in configuring source NAT with an address pool on a Juniper SRX. The following example creates a pool with a 10.1.1.0/24 network. This pool of addresses are then used during the translation of source addresses. In addition to the pool we also configure the following options: set address-persistent – this … Read more
Within this article we show you the required steps for obtaining a packet capture on your SRX series firewall. Note : Great care should be taken when applying captures to ensure that only the traffic that you want to capture is defined within the firewall filter. This is to prevent any unnecessary load being placed … Read more