05-17-2011 11:11 PM
Dear All,
This is my first time posting a message on JNET, so I apologize if I am in the wrong board.
I am currently doing my self-study for JNCIA and I am using one SRX100 for simulation. I am following the JUNOS Cookbook from O'Reilly and I am now in the firewall filter part.
My configuration is all default and my problem is below.
I set-up an IP address 10.1.1.1/24 to fe-0/0/2 and connect my laptop with IP of 10.1.1.2/24
root@router1# run show interfaces terse fe-0/0/2
Interface Admin Link Proto Local Remote
fe-0/0/2 up up
fe-0/0/2.0 up up inet 10.1.1.1/24
From the output, I am not sure if I should be seeing 10.1.1.2/24 under the Remote column.
But I supposed that by default all traffic should be accepted, since I did not specify any filter.
When I ping 10.1.1.1 from my laptop, I receive a request timeout. But when I execute "arp -a" I can see the
SRX100 fe-0/0/2 MAC address registered in my laptop's ARP table.
I am not yet good at setting up zones in Junos, but if you think there's something missing in my test configuration,
I will appreciate any advice to make it work.
Thanks
-ryan
05-17-2011 11:46 PM
By default the SRX does not forward nor accept any traffic without a security policy applied.
In your case you should put fe-0/0/2 in a zone, and configure host-inbound-traffic either for the interface or for the entire zone.
The minimum configuration should look like this:
security {
    zones {
        security-zone test {
            host-inbound-traffic {
                system-services {
                    ping;
                    telnet;
                    traceroute;
                }
            }
            interfaces {
                fe-0/0/2.0;
            }
        }
    }
}
05-18-2011 12:01 AM
This site should be very helpful for you: http://kb.juniper.net/InfoCenter/index?page=conten
I would also recommend the book 'Junos Security' (http://amzn.to/mOOj2h) for working with SRX devices.
05-18-2011 01:22 AM
Hi Dumitru,
Your solution works. I might need to go further into security zones and not only with filters. Thanks.
Sebastian,
Thank you for the resource materials. After I finish with O'Reilly, I will try your links.
regards,
-ryan
05-18-2011 01:34 AM
Hi Dumitru,
In the O'Reilly book, it says that if I configure a firewall filter with the config below,
ping should work.
interfaces {
    fe-0/0/2 {
        unit 0 {
            family inet {
                filter {
                    input incoming;
                }
                address 10.1.1.1/24;
            }
        }
    }
}
firewall {
    filter incoming {
        term allow-access {
            from {
                protocol [ tcp icmp ];
            }
            then accept;
        }
    }
}
After applying this configuration, my ping from the laptop still did not work.
Please advise if this configuration is not applicable to the SRX series.
regards,
-ryan
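The two posts above put the zone configuration and the firewall filter side by side, and the thread's point is that on an SRX the two are separate layers: the interface filter is evaluated at ingress, but a packet addressed to the SRX itself is still dropped unless the interface's zone lists that service under host-inbound-traffic. The following set-command configuration is an added example, not ryan's, Dumitru's, or the O'Reilly book's config. The interface fe-0/0/2 and the address 10.1.1.1/24 are taken from the thread; the zone name "lab", the filter name "icmp-only" and the counter names are assumptions. It keeps the host-bound surface to ICMP only and adds counters so that each layer can be checked independently.

```junos
# Added example (not from the thread): minimal SRX100 configuration that lets
# the laptop at 10.1.1.2/24 ping fe-0/0/2 and nothing else host-bound.
# Zone name "lab", filter name "icmp-only" and counter names are assumptions.

# 1. Interface address (as in the original post) with the filter attached
set interfaces fe-0/0/2 unit 0 family inet address 10.1.1.1/24
set interfaces fe-0/0/2 unit 0 family inet filter input icmp-only

# 2. The zone. Without this the SRX drops host-bound traffic regardless of
#    any firewall filter, because flow processing consults the zone's
#    host-inbound-traffic list before handing the packet to the control plane.
set security zones security-zone lab interfaces fe-0/0/2.0
set security zones security-zone lab host-inbound-traffic system-services ping

# 3. The firewall filter. It is evaluated at ingress on the interface; the
#    counters make it visible which layer accepted or dropped a packet.
set firewall family inet filter icmp-only term allow-icmp from protocol icmp
set firewall family inet filter icmp-only term allow-icmp then count icmp-accepted
set firewall family inet filter icmp-only term allow-icmp then accept
set firewall family inet filter icmp-only term deny-rest then count other-discarded
set firewall family inet filter icmp-only term deny-rest then discard

commit check
commit

# Verification from operational mode after pinging from the laptop:
#   show security zones lab          -> fe-0/0/2.0 listed, "ping" under
#                                       host-inbound-traffic system-services
#   show firewall filter icmp-only   -> icmp-accepted increments with each
#                                       ping; other-discarded shows drops
#   show arp interface fe-0/0/2.0    -> 10.1.1.2 appears once ARP resolves
```

If the icmp-accepted counter increments but the laptop still sees a timeout, the filter layer is passing the packet and the zone layer is the one dropping it, which is exactly the symptom in the first post. If neither counter moves, the packet never reached the interface and the problem is on the laptop side (cabling, subnet mask, or a host firewall), not on the SRX.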