JUNOS Space Security Director Rules

JUNOS Space 14.1 and Security Director 14.1 have been out for a few months now.  With this version, I can finally start recommending the widespread adoption.  I’ve actually started using it and started installing it for customers.  It’s finally usable and workable! Juniper’s documentation is usually one of the better vendors out there, but for some reason, the … Continue Reading

JUNOS BGP Damping Policies

Attached is a good starting point for damping policies.  You could create different damping policies per BGP group/neighbor, but a standard set allows an enforced “network-wide” BGP damping policy. Download BGP_Damping_config_template_stanza.txt To apply the policy, you just add the damping knob and add the policy to the import policy list before any ACCEPT actions are done. I … Continue Reading

Add Logging to All Security Policies on a #Juniper #SRX

If you’re tired of typing “then log session-init” or clicking on the log button in NSM or on the web GUI there is an easy way to log every single policy. We’ll use JUNOS groups to accomplish this. From the CLI: configure set groups log-all-policies security policies from-zone <*> to-zone <*> policy <*> then log … Continue Reading

Juniper SRX Status (High End) #Juniper

If you want to capture the full status of an SRX, here are the commands I run to get a good baseline of what’s going on in a high end Juniper SRX. If you’re running routing-instances, make sure to update the protocol statuses with “routing-instance xyz”   show arp no-resolve | no-more show bgp summary … Continue Reading