SRX

Hi experts I am building my lab topology for SRX deployment in transparent mode.  As per below topology it is working fine but when I change the topology a bit transparent firewall does not pass transit traffic.

Like I want that management traffic to the transparent firewall and transit traffic through transparent firewall should be passed on a separate links. To achieve this I removed the native-vlan-id configuration on transparent firewall interface uplinked to Data Centre switch and also deleted its sub interface configured for carrying mgmt traffic but as soon I deleted the native vlan-id and sub interface configured for mgmt traffic whole transit traffic passing through transparent firewall also dropped. As soon as restore native vlan-id and sub interface configuration (configured for carrying mgmt traffic) transit traffic also starts passing through transparent SRX .

Any solution or suggestion, please

I have also attached post delete configuration (native vlan-id deleted and sub interface for mgmt traffic also deleted from tagged interface) . Some other useful information like bridge Mac table and route forwarding table for all bridge domains are also there. Most astonishing part is output of "show route forwarding-table bridge-domain 50 detail) , here is bridge domain is being shown as 60 and also next-if is fe-0/0/4.60 where as it should be fe-0/0/4.50

Any clue

Attachment(s)

bd issue.txt   5 KB 1 version

Now configuration changes roll backed and transit traffice starts flowing through transparent SRX. But again a strange point is ..

show route forwarding-table bridge-domain bd1-vlan.0050 detail

Routing table: default-switch.bridge
Bridging domain: bd2.bridge
VPLS:
Destination        Type RtRef Next hop           Type Index NhRef Netif
00:0a:00:00:00:1f/48 user     0                  ucst   552     4 fe-0/0/4.1
00:0a:00:00:10:7b/48 user     0                  ucst   552     4 fe-0/0/4.1
00:0a:00:00:3c:8a/48 user     0                  ucst   552     4 fe-0/0/4.1

Attachment(s)

bd issue1.txt   2 KB 1 version

Finally issue resolved , i guess it was loop in native vlan (vlan-id 1).. Actually i was deleting native vlan on transparent firewall side and configuring another interface (ge-0/0/0 with vlan-id 1) on transparent firewall. In this way vlan-id 1 was configured on two interfaces of data center switch and both connected to transparent firewall.

As final solution i deleted concerned interface configuration on transparent firewall and Data centre switch. Then I re-configured each interface on both devices and its working now.

Hello Guys,

I have a situation at hand as well

I am working on a solution and need to introduce the SRX in transparent mode between 2 devices. The initial design is :

Internet Router (10.10.60.14)...........(10.10.60.3) MX router--------(LAN in different subnets)

now we need to position the SRX in transparent mode

Internet Router (10.10.60.14)........SRX(trans mode)........(10.10.60.3) MX router--------(LAN in different subnets)

when we cofnigured the SRX in that mode and positioned it in line the different segment of the LAN are unable to access the internet.

Any assistance to rectify this. will appreciate