Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  SRX100 basic ping connectivity

    Posted 05-17-2011 23:12

    Dear All,

     

    This is my first time posting a message in JNET and so I apologize if I am in the wrong board.

     

    I am currently doing self-study for the JNCIA and I am using one SRX100 for simulation. I am following the JUNOS Cookbook from O'Reilly and I am now in the firewall filter part.

     

     

    My configuration is all default and my problem is below.

    I set up an IP address 10.1.1.1/24 on fe-0/0/2 and connected my laptop with an IP of 10.1.1.2/24.

     

    root@router1# run show interfaces terse fe-0/0/2
    Interface               Admin Link Proto    Local                 Remote
    fe-0/0/2                up    up
    fe-0/0/2.0              up    up   inet     10.1.1.1/24

     

    From the output, I am not sure if I should be seeing 10.1.1.2/24 under the Remote column.

    But I supposed that by default all traffic should be accepted, since I did not specify any filter.

     

    When I ping 10.1.1.1 from my laptop, I am receiving a request timeout. But when I execute "arp -a" I can see the SRX100 fe-0/0/2 MAC address registered in my laptop's MAC address table.

     

    I am not yet good at setting up zones in Junos, but if you think there's something missing in my test configuration, I will appreciate any advice to make it work.

     

    Thanks

     

    -ryan



  • 2.  RE: SRX100 basic ping connectivity
    Best Answer

    Posted 05-17-2011 23:47

    By default, the SRX neither forwards nor accepts any traffic without a security policy applied.

    In your case you should put fe-0/0/2 in a zone, and configure host-inbound-traffic either for the interface or for the entire zone.

    The minimum configuration should look like this:

    security {
        zones {
            security-zone test {
                /* services the SRX itself answers on interfaces in this zone */
                host-inbound-traffic {
                    system-services {
                        ping;
                        telnet;
                        traceroute;
                    }
                }
                interfaces {
                    /* the SRX100 port from the question is fe-0/0/2 */
                    fe-0/0/2.0;
                }
            }
        }
    }

     



  • 3.  RE: SRX100 basic ping connectivity

    Posted 05-18-2011 00:02

    Hi ryandavebrigino, 

     

    this site should be very helpful for you: http://kb.juniper.net/InfoCenter/index?page=content&id=KB15694

     

    I would also recommend the book 'Junos Security' (http://amzn.to/mOOj2h) for the work with SRX devices.



  • 4.  RE: SRX100 basic ping connectivity

    Posted 05-18-2011 01:22

    Hi Dumitru,

     

    Your solution works. I might need to go further into security zones and not only with filters. Thanks.

     

    Sebastian,

     

    Thank you for the resource materials. After I finish with O'Reilly, I will try your links.

     

    regards,

    -ryan



  • 5.  RE: SRX100 basic ping connectivity

    Posted 05-18-2011 01:34

    Hi Dumitru,

     

    The O'Reilly book says that if I configure a firewall filter with the config below, ping would work.

     


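    interfaces {
        fe-0/0/2 {
            unit 0 {
                family inet {
                    /* filter applied to packets arriving on this unit */
                    filter {
                        input incoming;
                    }
                    address 10.1.1.1/24;
                }
            }
        }
    }
    firewall {
        filter incoming {
            /* accepts TCP and ICMP; anything else hits the filter's implicit discard */
            term allow-access {
                from {
                    protocol [ tcp icmp ];
                }
                then accept;
            }
        }
    }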

     

     

     

    After applying this configuration, my ping from the laptop did not work.

    Please advise if this configuration is not applicable to the SRX series.

     

     

    regards,

    -ryan
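
Added example, not part of the thread: a Python check of the rule in the best answer, reporting for each logical interface the security zone it belongs to and the host-inbound services the SRX itself will answer (interface-level settings take precedence over the zone's). The two sample configurations are constructed from the snippets posted above; `parse` and `host_inbound` are hypothetical helper names, and flow mode (the SRX default) is assumed.

```python
import re

# Constructed samples: the thread's filter-only config, then the same plus the best answer's zone.
FILTER_ONLY = """
interfaces { fe-0/0/2 { unit 0 { family inet {
    filter { input incoming; } address 10.1.1.1/24; } } } }
firewall { filter incoming { term allow-access {
    from { protocol [ tcp icmp ]; } then accept; } } }
"""
WITH_ZONE = FILTER_ONLY + """
security { zones { security-zone test {
    host-inbound-traffic { system-services { ping; telnet; traceroute; } }
    interfaces { fe-0/0/2.0; } } } }
"""

def parse(text):
    """Parse curly-brace Junos configuration into nested dicts; leaf statements map to None."""
    stack = [{}]
    for body, delim in re.findall(r"([^{};]*)([{};])", text):
        name = " ".join(body.split())
        if delim == "{":
            stack.append(stack[-1].setdefault(name, {}))
        elif delim == "}":
            stack.pop()
        elif name:
            stack[-1][name] = None
    return stack[0]

def host_inbound(text):
    """Return {logical interface: (zone or None, services the device itself answers)}."""
    cfg = parse(text)
    zones = cfg.get("security", {}).get("zones", {})
    result = {}
    for ifname, ifcfg in cfg.get("interfaces", {}).items():
        for unit, ucfg in (ifcfg or {}).items():
            if unit.startswith("unit ") and "family inet" in (ucfg or {}):
                # in no zone: traffic addressed to the device itself is dropped
                result[f"{ifname}.{unit.split()[1]}"] = (None, set())
    for zname, zcfg in zones.items():
        for logical, icfg in ((zcfg or {}).get("interfaces") or {}).items():
            # interface-level host-inbound-traffic takes precedence over the zone's
            own = (icfg or {}).get("host-inbound-traffic")
            hit = own or zcfg.get("host-inbound-traffic") or {}
            result[logical] = (zname.split()[-1], set(hit.get("system-services") or {}))
    return result

for label, sample in (("filter only", FILTER_ONLY), ("with zone", WITH_ZONE)):
    print(label, host_inbound(sample))
```

For the filter-only configuration it reports no zone for fe-0/0/2.0, so a ping to 10.1.1.1 goes unanswered whatever the firewall filter accepts.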