SRX

Hi All,

Topology attached. Ping between the vr101 to ge-0/0/4.201 is working fine. Telnet between the two is also working fine. But the FTP is not going through.

I have checked the ACME-SV zone on srxA-1 and confirmed it allows telnet/ftp/ping traffic...while also there's a Policy to allow traffic from Juniper-SV zone zo ACME-SV zone..

Something I am missing? Attached configuration..

Hi Wendohw,

does ftp enabled under system services?

set system services ftp .

Regards
rparthi
 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

Hi,

Can you try to enable FTP globally as service

# set system services ftp

Guys, it worked. M surprised I have to enable that under ZONES and GLobal as well. ???

Another question:

So, I'm trying to download a Config file via ftp, from the srxA-1 to the vr101.  Using the command:

ftp> get  /config/juniper.conf.1.gz 

I get feedback as follows:

ftp: local: /config/juniper.conf.1.gz: Permission denied

If I don't include a slash before the word config, I get this Error instead:

ftp: local: config/juniper.conf.1.gz: No such file or directory

Shouldn't this be possible? To transfer a config file under the /config directory, from the srxA-1 to the device from which I have initiated the ftp connection?

Really appreciate your support. Thanks.

Hi wendohw ,

Thanks for the update.

You are trying to download current configuration file from the active device. it will not work.

You can run the following command to create backup settings on active node and download it to new device.

from the active node , goto configuration mode and run the following command :

root@SRX-650# save /var/tmp/configbackup
Wrote 181 lines of configuration to '/var/tmp/configbackup'

now do the ftp to active node and change the location to /var/tmp/

and then get the file configbackup

once it is downloaded to new device, you can import the configuration using

root@SRX-240# load override /var/tmp/configbackup  if the configbackup file is stored on /var/tmp/

Regards
rparthi
 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too

Hi @rparthi ,

It worked like a charm. I just created a backup config on the secondary device, and tried downloading it to the "active" device. It successfully transfered the file and what I notice is that, the file is store in exact same "directory" as in the origin.

If in origin it was under /var/tmp/ then in the "active" device, it will be stored in the same directory as well /var/tmp , Automatically.

Thank you very much. I can now test UTM by trying to block transfers based on extensions etc. I will leave this open for now until I finish this Lab part.. (just incas I have a related quesion). Immediately thereafter, I will mark as Solved. 

Hi wendohw ,

Thanks for the update.

From your other forum thread

http://forums.juniper.net/t5/SRX-Services-Gateway/Both-AppID-and-IDP-Signatures-on-SRX/m-p/250402#M30873

it looks like you are able to block the ftp file extensions successfully after moving the security policy.

Please Mark this issue as accepted solution so that this thread can be closed.

Regards
rparthi
 

Please Mark My Solution Accepted if it Helped, Kudos are Appreciated Too