Juniper SRX Update the Operating System / Firmware
SRX Update KB ID 0000989 Problem With two brand new SRX firewalls on the bench my first task was to get them updated to the latest operating system. Solution : SRX Update Before you start get the updated Juniper software. Option 1 Update SRX firewall via Command Line 1. Connect to the firewall via either Console cable, telnet, or SSH. 2. Log on and then go to CLI mode, and then configuration mode. login: root Password: *******...
Juniper SRX Cluster (Active / Standby)
SRX Cluster KB ID 0000990 Problem I’ve had very little exposure to JUNOS and Juniper equipment, and later in the year I have to deploy some for a client in a failover cluster. So I had a good look round on the Internet, and found loads of good blog posts and KB articles like this one. The problem is they are all geared to setting up a cluster; they ASSUME you then know about security zones, how to add default routes, and setup...
Juniper SRX Alarm Light Lit
SRX Alarm Light KB ID 0000993 Problem I noticed the alarm light was lit amber on an SRX240 Juniper firewall. Solution : SRX Alarm Light This will not serve as a solution to every alarm on the SRX, but it should point you where to look, and show you how to resolve the two problems I identified on my firewall. View SRX Alarm Light Status in J-Web The status is displayed on the ‘Dashboard’ tab; here you can see I’ve got...
Juniper JUNOS SRX NAT – Static ‘One-to-One’
SRX NAT KB ID 0000995 Problem Setting up ‘Static NAT’ is the process of taking one of your ‘spare’ public IP addresses, and permanently mapping that public IP to a private IP address on your network. In the example above I want to give my web server, which has an internal IP address of 192.168.1.10/24, the public IP address of 1.1.1.5/24. So if someone out on the Internet wants to view my website, they can...
Juniper SRX Commit Errors
SRX Commit Errors KB ID 0000999 Problem WARNING: This article is not to cover every problem that will stop you committing the firewall config. It just serves to document problems I’ve encountered, and how I overcame them. Solution: SRX Commit Errors I came across the following two problems whilst attempting to setup a ‘chassis cluster’. Both were related to configuration existing on interfaces that I wanted to use...
Juniper SRX Firewall – Allow ‘Ping’
KB ID 0000706 Problem I was working on an SRX100B Firewall yesterday, and needed to be able to ping the outside interface. Solution Note: You can quickly enable ping on a physical interface from CLI like so: set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping 1. Log into the web console of the Juniper. 2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone...
Juniper SRX Firewall – Allow Web Management from Outside
KB ID 0000708 Problem Assuming you already have web management enabled, and you want to access it from the outside (the untrusted zone). Solution 1. Log into the web console of the Juniper. 2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone > Edit > Host inbound traffic – Interface > Select the Outside interface > Under Interface services add in ‘http’ > OK. 3. Then...
Factory Reset Juniper SRX Firewall
KB ID 0001003 Problem If you manage to stuff up your firewall, or you have just done some testing and want to revert back to ‘as new’ here is how to do it. Solution 1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode. login: PeteL Password: ************ --- JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC PeteL@Petes-SRX> cli PeteL@Petes-SRX> configure Entering...
JunOS – Using TACACS+ With Cisco ACS
KB ID 0001040 Problem I’ve been configuring a client’s Juniper SRX chassis cluster for a while now. Their ACS was deployed last week, so my task was to configure it to use the TACACS+ from the Cisco ACS server. The client’s setup required them to use their fxp0 management interfaces to perform the authentication. After it was configured and working (due in no small part to the ACS skills of Mr SteveH), I decided...
Juniper SRX – Setting the Default Static Route
KB ID 0001008 Problem It takes me seconds to do this on an ASA; on every occasion I’ve had to do the same on a Juniper firewall I’ve had to research how to do it again. Here I’m setting up the ‘default’ route to the Internet, but the syntax is the same for setting up any static route. Solution 1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode....