Practical documentation and technical guides on network security, firewalls, Linux systems, monitoring, and automation.
We feature technical articles across the entire IT spectrum - Built from real-world experience and continuously updated.
As it stands Juniper SRX (version 11.1R1.10) only provides support for DynDNS (DDNS) via the use of an automation script. Configuration This script can be downloaded here. Once you have downloaded the script transfer it to the SRX directory /var/db/scripts/event/. Finally configure your SRX via the following commands : set system services apply-macro dyndns-client1 hostname XXX.dyndns.orgset … Read more
Issue When configuring IPv6 on an ASA 5505 running 8.2(5) you may experience issues where you are unable to ping (via IPv6) the ASA`s interfaces. Solution Upgrade to version 8.2(5)3.
Within this article the necessary steps required to configure PPPoE on the SRX platform are described. Note : This configuration is based upon a) the chap authentication method b) the outside/untrust interface being fe-0/0/7.0. Configuration Below shows the required configuration for PPPoE. set interfaces fe-0/0/7 unit 0 encapsulation ppp-over-ether set interfaces pp0 unit 0 ppp-options … Read more
Persistence When an application maintains the session, a persistent session between the client and server must be correctly maintained to ensure the server can continue to process client requests. A typical example is web based shopping carts, this normally requires the user to maintain persistence to a single server during the lifetime of the session. … Read more
Within this article we will look at the various steps required in debugging a Site to Site VPN on an SRX series gateway. 1. Confirm Configuration First of all check the VPN configuration. This is also useful if and when you need to confirm the Phase 1 and Phase 2 parameter’s with the remote end. … Read more
Issue When connecting trying to connect via Dynamic VPN your client displays the following error: IKE Negotiations Failed Within the output of the IKE debug logs you see the following error: Jul 26 11:35:46 ike_st_i_n: Start, doi = 1, protocol = 1, code = No proposal chosen (14), spi[0..0] = 00000000 00000000 …, data[0..0] … Read more
Below is a small script to convert temperatures between celcuis and fahrenheit (and vice versa). This article / script is meant as reference point rather than a full tutorial. #!/usr/bin/python import sys def convert(t,fc): if t == “2f”: print (fc * 9) / 5 + 32,”Degress Fahrenheit” elif t == “2c”: print (fc – 32) … Read more
The BigIP F5 LTM supports various load balancing methods. These methods are categorized as either Static or Dynamic. Dynamic load balancing methods are considered balancing methods that take the server performance into consideration.This article also explains how the BigIP F5 LTM can balance traffic outside of the fore-mentioned Static and Dynamic balancing methods. Static Round … Read more
To configure a global deny statement for all your policy entries the following commands are used. set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match source-address any set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop match destination-address any set groups global-policy security policies from-zone <*> to-zone <*> policy default-logdrop … Read more