JUNOS Space Security Director Rules

JUNOS Space 14.1 and Security Director 14.1 have been out for a few months now. With this version, I can finally start recommending widespread adoption. I’ve actually started using it and installing it for customers. It’s finally usable and workable! Juniper is usually one of the better vendors out there for documentation, but for some reason, the … Continue Reading

Gracefully Upgrading JUNOS Devices with Dual RE’s

One of the coolest things about the routing plane with Juniper routers is the fact that you can have dual/redundant independent routing-engines. Routers are constantly making decisions, running algorithms, and updating the database for the correct way for traffic to get to every destination possible.  They do this to always have the quickest/most efficient route … Continue Reading

Update JUNOS Config with Remote API slax/juise

Mike over at High on PHP recently showed everyone the coolest thing in the world: how to run SLAX on JUNOS boxes remotely with JUISE. Seeing this in action nearly made me pee my pants! Too COOL! I went through his setup with ease… once I upgraded my Linux distribution. (It requires curl libraries that were … Continue Reading

Dual routing-engines/control ports on a @JuniperNetworks SRX

The Juniper Networks SRX architecture is frequently deployed in a redundant configuration, especially the data-center SRXs (SRX1400, SRX3400, SRX3600, SRX5600, SRX5800). It’s pretty obvious why. When you think about the data that the firewall is protecting, uptime is just as critical to the security of the system, sometimes even more so. Production web, database, storage, and … Continue Reading

Here we go… JNCIE-SEC Exam scheduled!

I just scheduled my JNCIE-SEC exam for June 19, 2013! I’m fairly confident I could take it now and pass, but I thought I’d give myself a couple of months to truly dive into configs, case studies, etc.  I already have the other 2 JNCIE’s and the lab-based JNCIP, so I know how the testing … Continue Reading

Juniper SRX Op Script: op-monitor

On the data center SRXs, running “show security flow session summary” will return all of the sessions on each SPC. This can be a bit time-consuming when your SRX is fully loaded with SPCs. A great way to find out how many sessions are on each SPC at any given moment is the “srx-monitor” … Continue Reading

Troubleshooting a @JuniperNetworks SRX Flow

How I troubleshoot on an SRX. Prerequisite: Log Everything! Look for logs. If you see denied logs, the SRX is not allowing the flow. Check the policy configuration: make sure this traffic is hitting the correct policy; change the policy or reorder policies to allow the traffic. If you see permitted logs, the SRX is … Continue Reading

Juniper Route Selection Process (BGP)

I’ve had to look this up more than a few times, so I figured I’d throw it here for anyone else looking. Yes, I know it’s all over the Internet, but one more place doesn’t hurt, does it? And remember, the LOCAL PREFERENCE value is the only value where HIGHER is better. Route Preference (BEFORE BGP Path … Continue Reading

SRX Clustering (cluster-id 0)

You can disable clustering in a Juniper SRX with the following command:

    set chassis cluster disable

You can also disable clustering with this command:

    set chassis cluster cluster-id 0

This goes against the way most things work inside JUNOS. Typically, if you have a numbered field, it always starts at zero. Not the case for … Continue Reading