SRX Services Gateway

Opening port SRX300

11-12-2018 05:01 AM

Hello there,

I have a device connected to my network that should be accessed by the port 3000.

It is in my internal network and I can ping it properly.

The problem is that I cannot access the device using the proper software because it does not respond.

I think it is because my Juniper SRX300 is blocking the 3000 port somehow.

Is there any way to see if it is blocking or not?

How can I unblock it?

Kind regards.


Re: Opening port SRX300

11-12-2018 04:51 PM

Connections through the SRX are controlled by security policies, which are in the direction of initiator to receiver of the flow.

Each interface is assigned to a zone. So policy is written in from-zone to-zone format.

In the configuration under security zones you can see the zone assigned to each interface.

Then note the ingress interface is the from-zone and the egress interface is the to-zone.

The command

show security policies from-zone AAAA to-zone BBBB

will list all the existing policies.

If there is no policy allowing the connection, you create one.

If the connection is inbound from the internet, you will likely also need a destination NAT policy to create the port forward operation to reach the server.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home

Re: Opening port SRX300

11-13-2018 02:58 AM

Hello,

Thanks for answering.

I ran the command you told me and it did not return anything.

It seems there is no policy for that.

I will give you more details and maybe you can help me with the commands I should run.

I am in a network 10.196.24.X and I need to access a fingerprint device (where people mark their entrance, etc).

This device is in another city but we are connected via VPN; the device's IP is 10.196.136.230.

I can ping it properly from here, but to collect the data from the device, we need to use its software.

This software connects to this device using the port 3000.

When we try, we receive a timeout message.

Do you have any idea of what I should run in my SRX to establish this connection?

Kind regards.


Re: Opening port SRX300

11-13-2018 03:14 AM

If you look at the route for the remote site:

show route 10.196.136.230

Does it show that the next hop is via an st0.x interface?

This would be a route-based VPN. Otherwise you have a policy-based VPN.

If there is an st0.x interface, look for that interface under security zones to determine the remote site zone.

Then we can determine the policy to add for the application.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
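
The steps discussed in this thread, put together as an added example (not posted by any participant): find the zones, test which policy matches the flow, then permit only port 3000 to the one device instead of opening the zone pair broadly. It assumes a route-based VPN and that the software uses TCP; LOCAL-ZONE, REMOTE-ZONE, the object and policy names, the sample client address 10.196.24.10, the /24 mask for 10.196.24.X, and the use of the global address book are all assumptions to replace with your own values.

```junos
# --- Operational mode: identify zones and check what matches today ---
# Next hop via st0.x indicates a route-based VPN (as described above).
show route 10.196.136.230
# Lists each zone with its interfaces; note the zone of the LAN interface
# (from-zone) and of the st0.x interface (to-zone).
show security zones
# Ask the SRX which policy this exact flow would hit.
# 10.196.24.10 and source port 1024 are constructed sample values.
show security match-policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE source-ip 10.196.24.10 destination-ip 10.196.136.230 source-port 1024 destination-port 3000 protocol tcp

# --- Configuration mode: least-privilege permit for TCP/3000 ---
configure
# Address objects (names are hypothetical; global address book assumed).
set security address-book global address local-lan 10.196.24.0/24
set security address-book global address fingerprint-reader 10.196.136.230/32
# Custom application for the vendor software's port (TCP assumed).
set applications application tcp-3000 protocol tcp
set applications application tcp-3000 destination-port 3000
# Policy in the initiator -> receiver direction only.
set security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE policy allow-fingerprint-3000 match source-address local-lan
set security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE policy allow-fingerprint-3000 match destination-address fingerprint-reader
set security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE policy allow-fingerprint-3000 match application tcp-3000
set security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE policy allow-fingerprint-3000 then permit
# Log session creation so use of the rule is visible.
set security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE policy allow-fingerprint-3000 then log session-init
# Validate before activating.
commit check
commit and-quit

# --- Operational mode: verify after the software retries ---
show security policies from-zone LOCAL-ZONE to-zone REMOTE-ZONE
show security flow session destination-prefix 10.196.136.230 destination-port 3000
```

If a session appears but the software still times out, the drop is beyond this SRX (for example the remote site's firewall policy or the device itself), since a session entry means the local policy permitted the flow.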