vSphere – Adding a Serial Port to a VM
Nov17

KB ID 0001039

Problem

I wanted to perform command line access to a virtual firewall on my home ESXi server (a Juniper Firefly vSRX) via a console session. To do that I needed to add a serial port to that VM.

Solution

1. From within the VI client > Select the ESXi Host > Configuration > Security Profile > Firewall Section > Properties.
2. Locate and enable ‘VM serial port connected over network’ > OK.
3....

Juniper SRX Firewall – Allow ‘Ping’
Nov17

KB ID 0000706

Problem

I was working on an SRX100B Firewall yesterday, and needed to be able to ping the outside interface.

Solution

Note: You can quickly enable ping on a physical interface from the CLI like so:

set security zones security-zone trust interfaces ge-0/0/0 host-inbound-traffic system-services ping

1. Log into the web console of the Juniper.
2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone...

Juniper SRX Firewall – Allow Web Management from Outside
Nov17

KB ID 0000708

Problem

Assuming you already have web management enabled, and you want to access it from the outside (the untrusted zone).

Solution

1. Log into the web console of the Juniper.
2. Navigate to Security > Zones/Screen > Select the ‘Untrust’ Zone > Edit > Host inbound traffic – Interface > Select the Outside interface > Under Interface services add in ‘http’ > OK.
3. Then...

Factory Reset Juniper SRX Firewall
Nov17

KB ID 0001003

Problem

If you manage to stuff up your firewall, or you have just done some testing and want to revert back to ‘as new’, here is how to do it.

Solution

1. Connect to the firewall either by console cable or via SSH, go to CLI mode then configuration mode.

login: PeteL
Password: ************

--- JUNOS 12.1X47-D10.4 built 2014-08-14 22:21:50 UTC
PeteL@Petes-SRX> cli
PeteL@Petes-SRX> configure
Entering...

JunOS – Using TACACS+ With Cisco ACS
Nov17

KB ID 0001040

Problem

I’ve been configuring a client’s Juniper SRX chassis cluster for a while now. Their ACS was deployed last week, so my task was to configure it to use the TACACS+ from the Cisco ACS server. The client’s setup required them to use their fxp0 management interfaces to perform the authentication. After it was configured and working (due in no small part to the ACS skills of Mr SteveH), I decided...
