SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX300 can't ping irb interfaces, or Google, or anything from terminal!

    Posted 11-28-2016 20:39

    I know this worked at some point, but for some reason I can't ping any of my irb interfaces, or Google's name servers, or pretty much anything. I'm not seeing anything being blocked by policy, but maybe I'm missing something. Could someone take a look at my SRX300 and see if I'm missing something?



  • 2.  RE: SRX300 can't ping irb interfaces, or Google, or anything from terminal!
    Best Answer

     
    Posted 11-28-2016 20:54

    Hello,

    Can you try to remove the firewall filter from lo0 and check if that helps?



  • 3.  RE: SRX300 can't ping irb interfaces, or Google, or anything from terminal!

    Posted 11-28-2016 20:59

    Thank you - yes sure enough that fixed it... I was recently playing around with only allowing an exclusive IP address from SSH'ing to the router from inside/outside. I guess there needs to be some additional tweaking to get it to work without messing other things up.



  • 4.  RE: SRX300 can't ping irb interfaces, or Google, or anything from terminal!

     
    Posted 11-28-2016 21:16

    Hello,

    What you can do is create 3 rules under the ruleset:

    1st rule: Allow SSH access to the permitted IP

    2nd rule: Block SSH access to any other IPs

    3rd rule: Permit everything.

    e.g.:


    root# show firewall
    filter test {
        term 1 {
            from {
                source-address {
                    1.2.3.4/32;
                }
                destination-port 22;
            }
            then accept;
        }
        term 2 {
            from {
                destination-port 22;
            }
            then {
                discard;
            }
        }
        term 3 {
            then accept;
        }
    }
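
Added example, not part of the original thread or anyone's device configuration: a small Python model of how the `test` filter in the post above is evaluated, with the first matching term deciding the action and the implicit discard that Junos appends to every firewall filter. It assumes the filter is applied as an input filter on lo0; the two-term variant is a constructed stand-in for an SSH-only filter (the original poster's filter is not shown), and the sample packets are constructed.

```python
import ipaddress

# Constructed model of the "test" filter from the post above.
# Each term: (name, match conditions, action). An empty match dict matches everything.
FILTER_TEST = [
    ("1", {"source": "1.2.3.4/32", "dport": 22}, "accept"),
    ("2", {"dport": 22}, "discard"),
    ("3", {}, "accept"),
]

def term_matches(match, pkt):
    """True when the packet satisfies every condition listed in the term."""
    if "source" in match:
        net = ipaddress.ip_network(match["source"])
        if ipaddress.ip_address(pkt["src"]) not in net:
            return False
    if "dport" in match and pkt.get("dport") != match["dport"]:
        return False
    return True

def evaluate(terms, pkt):
    """Return (term_name, action) for the first term that matches."""
    for name, match, action in terms:
        if term_matches(match, pkt):
            return name, action
    # No term matched: Junos ends every filter with an implicit discard.
    return "implicit", "discard"

# Constructed sample packets arriving at the routing engine through lo0.
SSH_ALLOWED = {"src": "1.2.3.4", "proto": "tcp", "dport": 22}
SSH_OTHER = {"src": "203.0.113.9", "proto": "tcp", "dport": 22}
PING_REPLY = {"src": "8.8.8.8", "proto": "icmp"}  # echo reply coming back to the SRX

def report(terms):
    """Evaluate the three sample packets against a list of terms."""
    samples = [("ssh_allowed", SSH_ALLOWED), ("ssh_other", SSH_OTHER),
               ("ping_reply", PING_REPLY)]
    return {label: evaluate(terms, pkt) for label, pkt in samples}

if __name__ == "__main__":
    print("three terms     :", report(FILTER_TEST))
    # Without the final accept term, the echo reply falls through to the implicit discard.
    print("terms 1 and 2 only:", report(FILTER_TEST[:2]))
```

With only the two SSH terms, the echo reply matches nothing and is dropped, which is consistent with pings from the SRX failing until the lo0 filter was removed.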