Visitor
ryandavebrigino
Posts: 4
Registered: ‎04-04-2011
Accepted Solution

SRX100 basic ping connectivity

Dear All,

This is my first time posting a message in JNET, so I apologize if I am on the wrong board.

I am currently doing self-study for JNCIA and I am using 1 SRX100 for simulation. I am following the JUNOS Cookbook from O'Reilly and I am now on the firewall filter part.

My configuration is all default and my problem is below.

I set up an IP address 10.1.1.1/24 on fe-0/0/2 and connected my laptop with an IP of 10.1.1.2/24.

root@router1# run show interfaces terse fe-0/0/2
Interface               Admin Link Proto    Local                 Remote
fe-0/0/2                up    up
fe-0/0/2.0              up    up   inet     10.1.1.1/24

From the output, I am not sure if I should be seeing 10.1.1.2/24 under the Remote column.

But I supposed that by default all traffic should be accepted, since I did not specify any filter.

When I ping 10.1.1.1 from my laptop, I receive a request timeout. But when I execute "arp -a" I can see the SRX100 fe-0/0/2 MAC address registered in my laptop's MAC address table.

I am not yet good at setting up zones in Junos, but if you think there's something missing in my test configuration, I will appreciate any advice to make it work.

Thanks

-ryan

Trusted Expert
dpapana
Posts: 282
Registered: ‎04-01-2011

Re: SRX100 basic ping connectivity

By default SRX does not forward nor accept any traffic without a security policy applied.

In your case you should put the fe-0/0/2 in a zone, and configure host-inbound-traffic either for the interface or for the entire zone.

Minimum configuration should look like this:

security {
    zones {
        security-zone test {
            host-inbound-traffic {
                system-services {
                    ping;
                    telnet;
                    traceroute;
                }
            }
            interfaces {
                /* the logical interface from the question */
                fe-0/0/2.0;
            }
        }
    }
}


Regards,
Dumitru Papana
Contributor
gosi
Posts: 82
Registered: ‎12-11-2009

Re: SRX100 basic ping connectivity

Hi ryandavebrigino,

This site should be very helpful for you: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

I would also recommend the book 'Junos Security' (http://amzn.to/mOOj2h) for the work with SRX devices.

Visitor
ryandavebrigino
Posts: 4
Registered: ‎04-04-2011

Re: SRX100 basic ping connectivity

Hi Dumitru,

Your solution works. I might need to go further into security zones and not only with filters. Thanks.

Sebastian,

Thank you for the resource materials. After I finish with O'Reilly, I will try your links.

Regards,

-ryan

Visitor
ryandavebrigino
Posts: 4
Registered: ‎04-04-2011

Re: SRX100 basic ping connectivity

Hi Dumitru,

In the O'Reilly book, it says that if I configure a firewall filter with the config below, ping would work.

interfaces {
    fe-0/0/2 {
        unit 0 {
            family inet {
                filter {
                    input incoming;
                }
                address 10.1.1.1/24;
            }
        }
    }
}
firewall {
    filter incoming {
        term allow-access {
            from {
                protocol [ tcp icmp ];
            }
            then accept;
        }
    }
}

After applying this configuration, my ping from the laptop did not work.

Please advise if this configuration is not applicable to the SRX series.

Regards,

-ryan
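
Added example (not part of the thread and not Juniper code): a small Python check for the condition dpapana's reply describes, reporting for each logical interface whether it is bound to a security zone and whether ping is listed under host-inbound-traffic for the interface or the zone. The function names and the condensed sample configurations are assumptions built from the snippets posted above; the filter-only configuration has no zone binding, so it is reported as not permitting ping.

```python
import re

def parse(text):
    """Parse brace-style Junos config into nested dicts; leaf statements map to None."""
    root, stack, words = {}, [], []
    node = root
    for tok in re.findall(r"\[[^\]]*\]|[{};]|[^\s{};]+", text):
        if tok == "{":      # container named by the words seen so far
            stack.append(node)
            node = node.setdefault(" ".join(words), {})
            words = []
        elif tok == "}":
            node = stack.pop()
        elif tok == ";":    # leaf statement
            node[" ".join(words)] = None
            words = []
        else:
            words.append(tok)
    return root

def services(node):  # system services under host-inbound-traffic at this level
    return set(((node or {}).get("host-inbound-traffic") or {}).get("system-services") or {})

def host_inbound_report(cfg):
    """Map each family-inet logical interface to (zone or None, allowed services)."""
    bound = {}
    for name, zone in ((cfg.get("security") or {}).get("zones") or {}).items():
        if name.startswith("security-zone "):
            for ifl, body in ((zone or {}).get("interfaces") or {}).items():
                bound[ifl] = (name.split()[1], services(body) or services(zone))
    report = {}
    for ifd, ifd_body in (cfg.get("interfaces") or {}).items():
        for unit, unit_body in (ifd_body or {}).items():
            if unit.startswith("unit ") and "family inet" in (unit_body or {}):
                ifl = f"{ifd}.{unit.split()[1]}"
                report[ifl] = bound.get(ifl, (None, set()))
    return report

def ping_allowed(report, ifl):
    zone, svcs = report[ifl]
    return zone is not None and bool(svcs & {"ping", "all"})

# Constructed samples, condensed from the configurations posted in the thread.
FILTER_ONLY = """interfaces { fe-0/0/2 { unit 0 { family inet {
    filter { input incoming; } address 10.1.1.1/24; } } } }
firewall { filter incoming { term allow-access {
    from { protocol [ tcp icmp ]; } then accept; } } }"""
WITH_ZONE = FILTER_ONLY + """ security { zones { security-zone test {
    host-inbound-traffic { system-services { ping; telnet; traceroute; } }
    interfaces { fe-0/0/2.0; } } } }"""
```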
