Hi Sam,
It seems I'm still not getting any luck. I even rebooted the SRX, got a new public IP, and rebooted the ISP modem and wireless AP. On the show route I saw a 10 IP there, 10.11.1.121; is this the default gateway? But yes, I'm unable to ping 4.2.2.2. Please see logs below:
0.0.0.0/0 *[Access-internal/12] 00:01:17
> to 10.11.1.121 via ge-0/0/0.0
0.0.0.0/1 *[Direct/0] 00:01:17
delete interfaces ge-0/0/0 unit 0 family inet address 192.168.2.10/24
set interfaces ge-0/0/0 unit 0 family inet dhcp-client
delete routing-options static route 0.0.0.0/0 next-hop 192.168.2.1
Also performed request system reboot on SRX, ISP modem, wireless AP.
root@SRX1> show interfaces ge-0/0/0 de
^
'de' is ambiguous.
Possible completions:
descriptions Display interface description strings
detail Display detailed output
root@SRX1> show interfaces ge-0/0/0 detail
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 508, Generation: 137
Description: Access_to_Internet
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: hidden MAC, Hardware address: hidden MAC
Last flapped : 2020-06-12 08:43:55 UTC (3d 20:46 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 132592604659 2392 bps
Output bytes : 7591373183 1336 bps
Input packets: 97925522 4 pps
Output packets: 64273380 3 pps
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 64267161 64267161 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 6216 6216 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface ge-0/0/0.0 (Index 71) (SNMP ifIndex 510) (Generation 136)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 132592605019
Output bytes : 7591373003
Input packets: 97925528
Output packets: 64273380
Local statistics:
Input bytes : 10548625
Output bytes : 369851
Input packets: 175798
Output packets: 8790
Transit statistics:
Input bytes : 132582056394 0 bps
Output bytes : 7591003152 0 bps
Input packets: 97749730 0 pps
Output packets: 64264590 0 pps
Security: Zone: internet
Allowed host-inbound traffic : igmp dhcp ike ping
Flow Statistics :
Flow Input statistics :
Self packets : 5
ICMP packets : 34361
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 132581793647
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 7590810030
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 0
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 146
Security association not active: 0
TCP sequence number out of window: 283
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 150, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 0/1, Local: 76.XX.SS.AA Broadcast: 127.255.255.255,
Generation: 156
root@SRX1> show configuration | display set
set version 12.1X46-D82
set system host-name SRX1
set system time-zone toronto
set system root-authentication encrypted-password
set system name-server 4.2.2.1
set system name-server 8.8.8.8
set system services ssh
set system services telnet
set system services xnm-clear-text
set system services dhcp-local-server group JunosDHCP-group interface ge-0/0/1.0
set system services web-management https system-generated-certificate
set system services web-management https interface vlan.0
set system services web-management https interface ge-0/0/1.0
set system syslog archive size 100k
set system syslog archive files 3
set system syslog user * any emergency
set system syslog file messages any critical
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands error
set system syslog file blocked-traffic any any
set system syslog file blocked-traffic match RT_FLOW_SESSION_DENY
set system syslog file no-route-present any any
set system syslog file no-route-present match "NO ROUTE PRESENT"
set system max-configurations-on-flash 5
set system max-configuration-rollbacks 5
set system license autoupdate url https://ae1.juniper.net/junos/key_retrieval
set interfaces ge-0/0/0 description Access_to_Internet
set interfaces ge-0/0/0 unit 0 family inet dhcp-client
set interfaces ge-0/0/1 description Access_to_LAN
set interfaces ge-0/0/1 unit 0 family inet address 192.168.50.10/24
set interfaces fe-0/0/2 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/3 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/4 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/5 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/6 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces fe-0/0/7 unit 0 family ethernet-switching vlan members vlan-trust
set interfaces lo0 unit 0 family inet address 11.11.11.1/24
set interfaces vlan unit 0 family inet address 192.168.1.1/24
set protocols stp
set security address-book global address lan 192.168.50.0/24
set security screen ids-option untrust-screen icmp ping-death
set security screen ids-option untrust-screen ip source-route-option
set security screen ids-option untrust-screen ip tear-drop
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20
set security screen ids-option untrust-screen tcp land
set security nat source rule-set internet-nat from zone lan
set security nat source rule-set internet-nat to zone internet
set security nat source rule-set internet-nat rule lan-access match source-address 192.168.50.0/24
set security nat source rule-set internet-nat rule lan-access match destination-address 0.0.0.0/0
set security nat source rule-set internet-nat rule lan-access then source-nat interface
set security policies from-zone lan to-zone internet policy FirewallPolicy match source-address lan
set security policies from-zone lan to-zone internet policy FirewallPolicy match destination-address any
set security policies from-zone lan to-zone internet policy FirewallPolicy match application any
set security policies from-zone lan to-zone internet policy FirewallPolicy then permit
set security policies from-zone lan to-zone internet policy FirewallPolicy then log session-close
set security policies global policy global_drop match source-address any
set security policies global policy global_drop match destination-address any
set security policies global policy global_drop match application any
set security policies global policy global_drop then deny
set security policies global policy global_drop then log session-init
set security zones security-zone trust host-inbound-traffic system-services all
set security zones security-zone trust host-inbound-traffic protocols all
set security zones security-zone trust host-inbound-traffic protocols ospf
set security zones security-zone trust host-inbound-traffic protocols bgp
set security zones security-zone trust interfaces vlan.0
set security zones security-zone untrust screen untrust-screen
set security zones security-zone internet host-inbound-traffic system-services dhcp
set security zones security-zone internet host-inbound-traffic system-services ping
set security zones security-zone internet host-inbound-traffic system-services ike
set security zones security-zone internet host-inbound-traffic protocols igmp
set security zones security-zone internet interfaces ge-0/0/0.0
set security zones security-zone lan host-inbound-traffic system-services ping
set security zones security-zone lan host-inbound-traffic system-services https
set security zones security-zone lan host-inbound-traffic system-services traceroute
set security zones security-zone lan host-inbound-traffic system-services ssh
set security zones security-zone lan host-inbound-traffic system-services dhcp
set security zones security-zone lan host-inbound-traffic protocols bgp
set security zones security-zone lan host-inbound-traffic protocols ospf
set security zones security-zone lan interfaces ge-0/0/1.0
set access address-assignment pool JunosPool family inet network 192.168.50.0/24
set access address-assignment pool JunosPool family inet range JunosRange low 192.168.50.11
set access address-assignment pool JunosPool family inet range JunosRange high 192.168.50.254
set access address-assignment pool JunosPool family inet dhcp-attributes maximum-lease-time 86400
set access address-assignment pool JunosPool family inet dhcp-attributes name-server 207.164.234.193
set access address-assignment pool JunosPool family inet dhcp-attributes name-server 207.164.234.129
set access address-assignment pool JunosPool family inet dhcp-attributes router 192.168.50.10
set poe interface all
set vlans vlan-trust vlan-id 3
set vlans vlan-trust l3-interface vlan.0
root@SRX1> show dhcp client binding
IP address Hardware address Expires State Interface
76.XX.SS.AA hidden MAC 86143 BOUND ge-0/0/0.0
root@SRX1> show dhcp server binding
IP address Session Id Hardware address Expires State Interface
Private IP ( mac address) 621 BOUND ge-0/0/1.0
root@SRX1> show security nat source summary
Total port number usage for port translation pool: 0
Maximum port number for port translation pool: 16777216
Total pools: 0
Total rules: 1
Rule name Rule set From To Action
lan-access internet-nat lan internet interface
root@SRX1> show route 4.2.2.2
inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/1 *[Direct/0] 00:05:32
> via ge-0/0/0.0
After rebooting the ISP modem I got a different public IP:
root@SRX1> show interfaces ge-0/0/0 de
^
'de' is ambiguous.
Possible completions:
descriptions Display interface description strings
detail Display detailed output
root@SRX1> show interfaces ge-0/0/0 detail
Physical interface: ge-0/0/0, Enabled, Physical link is Up
Interface index: 134, SNMP ifIndex: 508, Generation: 137
Description: Access_to_Internet
Link-level type: Ethernet, MTU: 1514, Link-mode: Full-duplex, Speed: 1000mbps,
BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled,
Source filtering: Disabled, Flow control: Disabled, Auto-negotiation: Enabled,
Remote fault: Online
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x0
Link flags : None
CoS queues : 8 supported, 8 maximum usable queues
Hold-times : Up 0 ms, Down 0 ms
Current address: hidden, Hardware address: hidden
Last flapped : 2020-06-16 05:43:34 UTC (00:00:31 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 3060 2016 bps
Output bytes : 2417 1408 bps
Input packets: 36 4 pps
Output packets: 20 4 pps
Egress queues: 8 supported, 4 in use
Queue counters: Queued packets Transmitted packets Dropped packets
0 best-effort 20 20 0
1 expedited-fo 0 0 0
2 assured-forw 0 0 0
3 network-cont 0 0 0
Queue number: Mapped forwarding classes
0 best-effort
1 expedited-forwarding
2 assured-forwarding
3 network-control
Active alarms : None
Active defects : None
Interface transmit statistics: Disabled
Logical interface ge-0/0/0.0 (Index 71) (SNMP ifIndex 510) (Generation 136)
Flags: SNMP-Traps 0x0 Encapsulation: ENET2
Traffic statistics:
Input bytes : 3240
Output bytes : 2321
Input packets: 39
Output packets: 22
Local statistics:
Input bytes : 2844
Output bytes : 2321
Input packets: 34
Output packets: 22
Transit statistics:
Input bytes : 396 0 bps
Output bytes : 0 0 bps
Input packets: 5 0 pps
Output packets: 0 0 pps
Security: Zone: internet
Allowed host-inbound traffic : igmp dhcp ike ping
Flow Statistics :
Flow Input statistics :
Self packets : 3
ICMP packets : 0
VPN packets : 0
Multicast packets : 0
Bytes permitted by policy : 0
Connections established : 0
Flow Output statistics:
Multicast packets : 0
Bytes permitted by policy : 1678
Flow error statistics (Packets dropped due to):
Address spoofing: 0
Authentication failed: 0
Incoming NAT errors: 0
Invalid zone received packet: 0
Multiple user authentications: 0
Multiple incoming NAT: 0
No parent for a gate: 0
No one interested in self packets: 0
No minor session: 0
No more sessions: 0
No NAT gate: 0
No route present: 2
No SA for incoming SPI: 0
No tunnel found: 0
No session for a gate: 0
No zone or NULL zone binding 0
Policy denied: 0
Security association not active: 0
TCP sequence number out of window: 0
Syn-attack protection: 0
User authentication errors: 0
Protocol inet, MTU: 1500, Generation: 150, Route table: 0
Flags: Sendbcast-pkt-to-re
Addresses, Flags: Is-Preferred Is-Primary
Destination: 0/1, Local: 70.XX.SS.AA Broadcast: 127.255.255.255,
Generation: 154
0.0.0.0/0 *[Access-internal/12] 00:01:17
> to 10.11.1.121 via ge-0/0/0.0
0.0.0.0/1 *[Direct/0] 00:01:17
> via ge-0/0/0.0
{deleted other routes}
root@SRX1> ping 10.11.1.121
PING 10.11.1.121 (10.11.1.121): 56 data bytes
^C
--- 10.11.1.121 ping statistics ---
12 packets transmitted, 0 packets received, 100% packet loss
root@SRX1> show route 4.2.2.2
inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/1 *[Direct/0] 00:02:47
> via ge-0/0/0.0
root@SRX1> show route 4.2.2.2 extensive
inet.0: 18 destinations, 18 routes (18 active, 0 holddown, 0 hidden)
0.0.0.0/1 (1 entry, 1 announced)
*Direct Preference: 0
Next hop type: Interface
Address: 0x15bc438
Next-hop reference count: 2
Next hop: via ge-0/0/0.0, selected
State: <Active Int>
Age: 2:54
Task: IF
Announcement bits (1): 1-Resolve tree 1
AS path: I