Packet ipid = 65215, flow_process_pkt: (thd 1): flow_ctxt type 15, common flag 0x0, mbuf 0x423daf80, rtbl_idx = 0įlow process pak fast ifl 70 in_ifp vlan.2 No matter what, I cannot seem to ping from a host on 192.168.2.0/24 to 192.168.1.1, and the SRX reports it due to a policy deny. ![]() Set security policies from-zone home to-zone management policy test then permit Set security policies from-zone home to-zone management policy test match application any Set security policies from-zone home to-zone management policy test match destination-address any Set security policies from-zone home to-zone management policy test match source-address any Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services snmp Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services https Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services http Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services ssh Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services telnet See the Sample Output section for more details. The Junos OS Evolved traceroute command parses data in the same way as the Linux traceroute command, so the output is different compared to Junos OS. Use traceroute as a debugging tool to locate points of failure in a network. Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services traceroute Display the route that packets take to a specified network host. Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services ping Set security zones security-zone management interfaces vlan.1 host-inbound-traffic system-services dhcp Set security zones security-zone home interfaces vlan.2 host-inbound-traffic system-services traceroute Set security zones security-zone home interfaces vlan.2 host-inbound-traffic system-services ping Set security zones security-zone home interfaces vlan.2 host-inbound-traffic system-services dhcp Set interfaces vlan unit 2 family inet address 192.168.2.1/24 Set interfaces vlan unit 1 family inet address 192.168.1.1/24 ![]() However, I want to allow users on vlan.2 to reach this management address. I'm trying to configure an SRX210 such that management functions such as SSH are only enabled on a single interface, specifically vlan.1.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |