Juniper SRX Firewall – Allow ‘Ping’
Nov17

Juniper SRX Firewall – Allow ‘Ping’

KB ID 0000706  Problem I was working on an SRX100B Firewall yesterday, and needed to be able to ping the outside interface. Solution Note: You can quickly enable ping on a physical interface from CLI like so; set security zone security-zone trust interface ge-0/0/0 host-inbound-traffic system services ping 1. Log into the web console of the Juniper. 2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone...

Read More
Juniper SRX Firewall – Allow Web Management from Outside
Nov17

Juniper SRX Firewall – Allow Web Management from Outside

KB ID 0000708  Problem Assuming you already have web management enabled, and you want to access it from the outside (the untrusted zone). Solution 1. Log into the web console of the Juniper. 2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone > Edit > Host inbound traffic – Interface > Select the Outside interface > Under Interface services add in ‘http’ > OK. 3. Then...

Read More
Juniper SRX – Update the Operating System / Firmware
Nov17

Juniper SRX – Update the Operating System / Firmware

KB ID 0000989  Problem With two brand new SRX240 firewalls on the bench my first task was to get them updated to the latest operating system. Solution Before you start get the updated Juniper software. Option 1 Update the SRX firewall via Command Line 1. Connect to the firewall via either Console cable, telnet, or SSH. 2. Log on and then go to CLI mode, and then configuration mode. login: root Password: ******* — JUNOS...

Read More
Juniper SRX240 – Firewall Cluster (Active / Standby)
Nov17

Juniper SRX240 – Firewall Cluster (Active / Standby)

KB ID 0000990 Problem I’ve had very little exposure to JUNOS and Juniper equipment, and later in the year I have to deploy some for a client in a failover cluster. So I had a good look round on the Internet, and found loads of good blog posts and KB articles like this one. The problem is they are all geared to setting up a cluster, they ASSUME you then know about security zones, how to add default routes, and setup NAT etc. So...

Read More
Juniper SRX Firewall Alarm Light Lit
Nov17

Juniper SRX Firewall Alarm Light Lit

KB ID 0000993 Problem I noticed the alarm light was lit amber on an SRX240 Juniper firewall. Solution This will not serve as a solution to every alarm on the SRX, but it should point you where to look, and show you how to resolve the two problems I identified on my firewall. View SRX Alarm Status in J-Web The status is displayed on the ‘Dashboard’ tab, here you can see I’ve got two minor alarms. View SRX Alarm Status...

Read More
Juniper (JUNOS) SRX – Static ‘One-to-One’ NAT
Nov17

Juniper (JUNOS) SRX – Static ‘One-to-One’ NAT

KB ID 0000995  Problem Setting up ‘Static NAT’ is the process of taking one of your ‘spare’ public IP addresses, and permanently mapping that public IP to a private IP address on your network. In the example above I want to give my web sever which has an internal IP address of 192.168.1.10/24, the public IP address of 1.1.1.5/24. So if someone out on the Internet wants to view my website, they can browse to...

Read More