SRX Services Gateway

Default interface to start Skyatp session from

‎05-28-2019 05:20 AM

Hello,

I have a problem regarding connecting to the Skyatp cloud.

The problem is I can only ping the internet from a specific interface.

If I don't specify the source interface, I can't ping or do a DNS lookup.

Is there a way to force the connection to go out from the untrust interface?


Re: Default interface to start Skyatp session from

‎05-28-2019 05:47 AM
set services advanced-anti-malware connection (authentication | source-address | source-interface | url)


https://www.juniper.net/documentation/en_US/release-independent/sky-atp/topics/reference/command-sum...
Thanks,
Suraj
Solution
Accepted by topic author amrmhishjuniper
‎05-29-2019 01:30 PM

Re: Default interface to start Skyatp session from

‎05-28-2019 09:52 PM

Hi amrmhishjuniper,

When connecting to the Internet, the SRX will by default use the IP address of the interface facing the Internet (usually the interface in the untrust zone). To which interface is the address being used now linked? Can you share a "> show route 8.8.8.8" to better understand your implementation?

The following document explains more about the source address to be used for outbound traffic generated by the SRX:

https://www.juniper.net/documentation/en_US/junos/topics/reference/configuration-statement/default-a...

And in the following discussion it was suggested to specify a source-address for the packets sent to the DNS server:

https://forums.juniper.net/t5/Routing/DNS-Request-Source-Address/td-p/316655

You could try a "monitor traffic" as suggested in the above link to confirm the source IP being used right now.


Re: Default interface to start Skyatp session from

‎05-28-2019 11:45 PM

Hey,

The output from:

admin@node0> show route 8.8.8.8

inet.0: 204 destinations, 205 routes (204 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 09:23:10
> to X:X:X:X via reth0.1000
[Static/5] 09:23:09
> to X:X:X:X via reth0.1000

 

I did change the public IP addresses to X:X:X:X for security reasons.

I can ping the internet using the interface reth0.1000, but if I use ping alone I still can't do it.

I did read your response, but for some reason the ping is going out from a different interface.


Re: Default interface to start Skyatp session from

‎05-29-2019 01:13 AM

Right after you send some pings to 8.8.8.8, try the following command to see the created sessions:

> show security flow session destination-prefix 8.8.8.8 protocol icmp

In the output we will see the source IP address that is being used. Once you know it, please try the following command:

> show interfaces terse | match [source_address_being_used]

I'm trying to confirm what IP address and interface are being used for sourcing the host-outbound-traffic.
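The two-command check from the reply above, as an added example that is not part of the original thread: a Python sketch that takes saved output of both commands and reports which interface owns the source address the SRX chose, and whether it differs from the egress interface. The sample output is constructed and only approximates the Junos layout; the function names and the interface reth1.0 are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample output (private and documentation-range addresses); the
# layout approximates the two commands and can differ between Junos releases.
FLOW_SESSIONS = """\
Session ID: 4211, Policy name: self-traffic-policy/1, Timeout: 2, Valid
  In: 192.168.50.1/7 --> 8.8.8.8/20482;icmp, Conn Tag: 0x0, If: .local..0, Pkts: 1, Bytes: 84,
  Out: 8.8.8.8/20482 --> 192.168.50.1/7;icmp, Conn Tag: 0x0, If: reth0.1000, Pkts: 0, Bytes: 0,
Total sessions: 1
"""
INTERFACES_TERSE = """\
Interface               Admin Link Proto    Local                 Remote
reth0.1000              up    up   inet     203.0.113.10/29
reth1.0                 up    up   inet     192.168.50.1/24
"""

def parse_sessions(text):
    """Return (source_ip, egress_interface, reply_packets) per session."""
    sessions, src = [], None
    for line in text.splitlines():
        m = re.match(r"\s*In:\s+([0-9A-Fa-f.:]+)/\d+\s+-->", line)
        if m:  # In wing: the source address the SRX picked for its own packet
            src = ipaddress.ip_address(m.group(1))
            continue
        m = re.match(r"\s*Out:.*If:\s+([^,\s]+),\s+Pkts:\s+(\d+)", line)
        if m and src is not None:  # Out wing: egress interface, replies seen
            sessions.append((src, m.group(1), int(m.group(2))))
            src = None
    return sessions

def parse_terse(text):
    """Map each up/up logical interface to its configured address."""
    pattern = re.compile(r"(\S+)\s+up\s+up\s+inet6?\s+(\S+)")
    return {m.group(1): ipaddress.ip_interface(m.group(2))
            for m in map(pattern.match, text.splitlines()) if m}

def diagnose(flow_text, terse_text):
    """Flag sessions sourced from an address owned by a non-egress interface."""
    addrs = parse_terse(terse_text)
    findings = []
    for src, egress, replies in parse_sessions(flow_text):
        owner = next((n for n, a in addrs.items() if a.ip == src), None)
        findings.append({"source": str(src), "owner": owner, "egress": egress,
                         "mismatch": owner != egress, "replies": replies})
    return findings

if __name__ == "__main__":
    for finding in diagnose(FLOW_SESSIONS, INTERFACES_TERSE):
        print(finding)
```

A finding with "mismatch" true and zero replies is the pattern to look for: the packet leaves through the Internet-facing interface but carries an address that belongs to another interface.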