SRX

Hello,

This is my first SRX240 programmed from basically scratch.  It is just a simple setup with ge-0/0/4 connected to a Juniper EX3300 switch which then goes to our core router.  I am trying to set up a lab scenario for testing but I am unable to ping the default gateway from the command line and I cannot ping the SRX240 from the network.  If I take my laptop and plug it into the same port on the EX3300 using the same IP address I am able to ping the default gateway just fine.  It has to be something simple I am missing.  I made sure the interface was in the Trust zone and allowed Trust to Trust traffic.  Attached is the config.  I know there is an implied "deny all" but shouldn't the policies I created allow all traffic?  I shouldn't need firewall filters should I?  Thanks in advance.

Attachment(s)

srx240config.txt   3 KB 1 version

Hi Knight

From your description I understand that you are unable to ping default gateway from SRX CLI.

If you initiate ping from SRX CLI, then it is a host-inbound-traffic for SRX and it has to be allowed under zones.

I see that you are using vlan.1 ip-address is in same subnet of gateay.

You need to add vlan.1 interface to security zone and allow host-inbound-traffic for it.

Add below and check if it helps:

root@host# set security zones security-zone Trust interfaces vlan.1

Regards,

Raveen

Hey Raveen,

I knew it was something simple I was overlooking.  I added that command and it came right up.  I appreciate your help and have a safe and Happy New Year.