SRX

Hi All,

I wasn't trying anything fancy just trying to configure a SRX210 as an internet router. I've configured FE0/0/2 for PPPoE (as untrusted zone) and FE(0/0/4) on my laptop. my laptop could get a DHCP as expected

I have configured other ports like FE0/0/3 to go to an access point in the future but not worried about it at this stage.

I tested www.google.com worked great, but any other sites failed

I first thought it was a DNS issue and i put the name-server setting under system as well as under DHCP, then i telnet into some website using port 80 from my laptop and i saw replies from it, which proved it wasn't a DNS issue.

I was wondering if i had misconfigured any security zones but i cross checked with some working examples and couldn't find any differences between them.

I've configured FE0/0/2 (my internet port) in the untrust zone and assigned it as vlan.4 and FE0/0/4 as trust zone in vlan.0

Much appreicated if anyone can show me some light on this as I'm quite frustrated at the moment...

config is attached.

Attachment(s)

r03 funny config.txt   6 KB 1 version

Hi Jimmy,

The fact google is loading for you and not other websites would make me think a tcp-mss issue.  You should experiement with lowering the tcp mss.

Maybe start with the following:

user@srx#set security flow tcp-mss all-tcp mss 1350

http://www.juniper.net/techpubs/en_US/junos11.1/topics/example/session-tcp-maximum-segment-size-for-srx-series-setting-cli.html

worked great with that extra command! thanks a million!