Juniper SRX – Commit Errors
KB ID 0000999 Problem WARNING: This article is not to cover every problem that will stop you committing the firewall config. It just serves to document problems I’ve encountered, and how I overcame them. Solution I came across the following two problems whilst attempting to set up a ‘chassis cluster’. Both were related to configuration existing on interfaces that I wanted to use as Reth interfaces. Essentially I...
Factory Reset Juniper SRX Firewall
KB ID 0001003 Problem If you manage to stuff up your firewall, or you have just done some testing and want to revert back to ‘as new’ here is how to do it. Solution 1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode. login: PeteL Password: ************ — JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC PeteL@Petes-SRX> cli PeteL@Petes-SRX> configure Entering...
JunOS – Using TACACS+ With Cisco ACS
KB ID 0001040 Problem I’ve been configuring a client’s Juniper SRX chassis cluster, for a while now. Their ACS was deployed last week so my task was to configure it to use the TACACS+ from the Cisco ACS server. The client’s setup required them to use their fxp0 management interfaces to perform the authentication. After it was configured and working, (due in no small part, to the ACS skills of Mr Steve Housego). I...
Juniper SRX – Setting the Default Static Route
KB ID 0001008 Problem It takes me seconds to do this on an ASA; on every occasion I’ve had to do the same on a Juniper firewall I’ve had to research how to do it again. Here I’m setting up the ‘default’ route to the Internet, but the syntax is the same for setting up any static route. Solution 1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode....
Juniper SRX – ‘The Routing Subsystem Is Not Running’
KB ID 0001045 Problem While trying to deploy Solarwinds to monitor a Juniper SRX failover cluster, we were having no joy connecting to the management interface of the secondary/standby firewall. The management (fxp0) interface on the primary (node0) firewall we could get to OK. After jumping on the secondary firewall (via the console connection) we observed the following; error: the routing subsystem is not running Solution As you...
Cisco ASA to Juniper SRX Site to Site VPN
KB ID 0000710 Problem You want to establish a site to site VPN from a site with a Cisco ASA firewall, to another site running a Juniper SRX firewall. I had to do this this week, and struggled to find any good information to help. In the example below I’m configuring the whole thing from a laptop (172.16.254.206) that’s on the Juniper’s site. Use the diagram below, and substitute your own IP addresses and subnet...