[j-nsp] User Role Firewall in SRX
Does the Juniper SRX with Latest version 12.1x47 Support User Firewall roles without using MAG. I wasn't able to see that in the release notes also in the feature explorer. Thank you all.. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] User Role Firewall in SRX
Yes, this is one if the big new features in X47. It's called integrated user firewall. http://www.juniper.net/techpubs/en_US/junos12.1x47/information-products/pathway-pages/security/security-integrated-user-firewall.html -- Damien DeVille 4108028208 On Sep 9, 2014, at 10:21 AM, Nc Aji aji14...@gmail.com wrote: Does the Juniper SRX with Latest version 12.1x47 Support User Firewall roles without using MAG. I wasn't able to see that in the release notes also in the feature explorer. Thank you all.. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Practice lab environments, any suggestions?
Sorry, that should have been EX3300. On Tue, Sep 9, 2014 at 8:28 AM, Volodymyr Samodid vladimir.samo...@onat.edu.ua wrote: Hi, are you sure about VC and EX3200 ? I can't find any information in KB about that. Thanks. On 09/04/2014 07:38 PM, Tyler Christiansen wrote: It also depends on what certifications you're going for. Also need to keep in mind that EX2200 and EX3200, while capable of virtual chassis, do not have dedicated virtual chassis ports. None of those devices will let you do some of the switching features necessary for SP exams, and the J2300 and J4300 are end of sale. I haven't used the J series, but if they require a different Junos image than the J4350 or J2320, it may be difficult to find a new(er) Junos image. I would honestly just buy a few EX4200s and use Junos Firefly (or whatever it's called now) for the routing. If you can afford it, Junosphere is excellent. Not that it's expensive, but it does cost money, and if you don't use it for a significant portion of the day, it can be a waste of money. Junosphere is due for v4 soon (there used to be a notice about potential downtime while systems are upgraded to support it--or something to that effect). --tc On Thu, Sep 4, 2014 at 9:17 AM, Scott Granados sc...@granados-llc.net wrote: This actually looks interesting, thanks for the pointer. On Sep 4, 2014, at 12:11 PM, ryanL ryan.lan...@gmail.commailto: ryan.lan...@gmail.com wrote: something like this might be overkill, but might save you a lot of money on rack rentals if you plan on spending loads of time on this. http://www.ebay.com/itm/MUST-SEE-1OFAKIND-JUNIPER-JNCIE- JNCIS-JNCIA-CCIE-CCNP-COUNTERPART-CISCO-LAB-/141393100611?pt=US_Wired_ Routershash=item20ebaf7f43 (not my listing, just an example, buyer beware, etc etc) On Thu, Sep 4, 2014 at 11:58 AM, Scott Granados sc...@granados-llc.net mailto:sc...@granados-llc.net wrote: Hi, I’m starting down the path of certifications and wondering what people use for practice labs in terms of hardware? I did some googling but have mostly found rack rental services. Is this the primary method? Is there anyone putting together bundles for sale of used equipment like you might find for Cisco hardware? If not what hardware do people suggest for a home lab that’s reasonably cost effective. Any suggestions would be most appreciated. Any pointers to pre made kits or other solutions would also be greatly appreciated. Thanks Scott ___ juniper-nsp mailing list juniper-nsp@puck.nether.netmailto: juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- С уважением, Самодед Владимир SVAJ-RIPE|SVA88-UANIC -- *Tyler Christiansen | Technical Operations* tyler http://adap.tv/@adap.tv http://adap.tv/ | www.adap.tv *m :* 864.346.4095 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Practice lab environments, any suggestions?
Buy the cheapest l3 switch that works for you and get JunOS firefly -- really. It does most things you could see yourself doing anytime soon. On 9/10/2014 午前 12:37, Tyler Christiansen wrote: Sorry, that should have been EX3300. On Tue, Sep 9, 2014 at 8:28 AM, Volodymyr Samodid vladimir.samo...@onat.edu.ua wrote: Hi, are you sure about VC and EX3200 ? I can't find any information in KB about that. Thanks. On 09/04/2014 07:38 PM, Tyler Christiansen wrote: It also depends on what certifications you're going for. Also need to keep in mind that EX2200 and EX3200, while capable of virtual chassis, do not have dedicated virtual chassis ports. None of those devices will let you do some of the switching features necessary for SP exams, and the J2300 and J4300 are end of sale. I haven't used the J series, but if they require a different Junos image than the J4350 or J2320, it may be difficult to find a new(er) Junos image. I would honestly just buy a few EX4200s and use Junos Firefly (or whatever it's called now) for the routing. If you can afford it, Junosphere is excellent. Not that it's expensive, but it does cost money, and if you don't use it for a significant portion of the day, it can be a waste of money. Junosphere is due for v4 soon (there used to be a notice about potential downtime while systems are upgraded to support it--or something to that effect). --tc On Thu, Sep 4, 2014 at 9:17 AM, Scott Granados sc...@granados-llc.net wrote: This actually looks interesting, thanks for the pointer. On Sep 4, 2014, at 12:11 PM, ryanL ryan.lan...@gmail.commailto: ryan.lan...@gmail.com wrote: something like this might be overkill, but might save you a lot of money on rack rentals if you plan on spending loads of time on this. http://www.ebay.com/itm/MUST-SEE-1OFAKIND-JUNIPER-JNCIE- JNCIS-JNCIA-CCIE-CCNP-COUNTERPART-CISCO-LAB-/141393100611?pt=US_Wired_ Routershash=item20ebaf7f43 (not my listing, just an example, buyer beware, etc etc) On Thu, Sep 4, 2014 at 11:58 AM, Scott Granados sc...@granados-llc.net mailto:sc...@granados-llc.net wrote: Hi, I’m starting down the path of certifications and wondering what people use for practice labs in terms of hardware? I did some googling but have mostly found rack rental services. Is this the primary method? Is there anyone putting together bundles for sale of used equipment like you might find for Cisco hardware? If not what hardware do people suggest for a home lab that’s reasonably cost effective. Any suggestions would be most appreciated. Any pointers to pre made kits or other solutions would also be greatly appreciated. Thanks Scott ___ juniper-nsp mailing list juniper-nsp@puck.nether.netmailto: juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- С уважением, Самодед Владимир SVAJ-RIPE|SVA88-UANIC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Practice lab environments, any suggestions?
Hi, are you sure about VC and EX3200 ? I can't find any information in KB about that. Thanks. On 09/04/2014 07:38 PM, Tyler Christiansen wrote: It also depends on what certifications you're going for. Also need to keep in mind that EX2200 and EX3200, while capable of virtual chassis, do not have dedicated virtual chassis ports. None of those devices will let you do some of the switching features necessary for SP exams, and the J2300 and J4300 are end of sale. I haven't used the J series, but if they require a different Junos image than the J4350 or J2320, it may be difficult to find a new(er) Junos image. I would honestly just buy a few EX4200s and use Junos Firefly (or whatever it's called now) for the routing. If you can afford it, Junosphere is excellent. Not that it's expensive, but it does cost money, and if you don't use it for a significant portion of the day, it can be a waste of money. Junosphere is due for v4 soon (there used to be a notice about potential downtime while systems are upgraded to support it--or something to that effect). --tc On Thu, Sep 4, 2014 at 9:17 AM, Scott Granados sc...@granados-llc.net wrote: This actually looks interesting, thanks for the pointer. On Sep 4, 2014, at 12:11 PM, ryanL ryan.lan...@gmail.commailto: ryan.lan...@gmail.com wrote: something like this might be overkill, but might save you a lot of money on rack rentals if you plan on spending loads of time on this. http://www.ebay.com/itm/MUST-SEE-1OFAKIND-JUNIPER-JNCIE-JNCIS-JNCIA-CCIE-CCNP-COUNTERPART-CISCO-LAB-/141393100611?pt=US_Wired_Routershash=item20ebaf7f43 (not my listing, just an example, buyer beware, etc etc) On Thu, Sep 4, 2014 at 11:58 AM, Scott Granados sc...@granados-llc.net mailto:sc...@granados-llc.net wrote: Hi, I’m starting down the path of certifications and wondering what people use for practice labs in terms of hardware? I did some googling but have mostly found rack rental services. Is this the primary method? Is there anyone putting together bundles for sale of used equipment like you might find for Cisco hardware? If not what hardware do people suggest for a home lab that’s reasonably cost effective. Any suggestions would be most appreciated. Any pointers to pre made kits or other solutions would also be greatly appreciated. Thanks Scott ___ juniper-nsp mailing list juniper-nsp@puck.nether.netmailto: juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- С уважением, Самодед Владимир SVAJ-RIPE|SVA88-UANIC ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] User Role Firewall in SRX
Hi Nc, From the release notes: . Integrated user firewall [SRX Series]-This feature retrieves user-to-IP address mappings from the Windows Active Directory to use as match criteria in firewall policies. The SRX Series device polls the event log of the Active Directory Controller (ADC) to determine who has logged on. The username and group are queried from the LDAP service in the ADC. The SRX Series device uses the IP address, username, and group information to generate authentication entries that the UserFW module uses to enforce user-based and group-based policy control over traffic. Best regards, Maarten -Oorspronkelijk bericht- Van: juniper-nsp [mailto:juniper-nsp-boun...@puck.nether.net] Namens Nc Aji Verzonden: dinsdag 9 september 2014 16:21 Aan: juniper-nsp@puck.nether.net Onderwerp: [j-nsp] User Role Firewall in SRX Does the Juniper SRX with Latest version 12.1x47 Support User Firewall roles without using MAG. I wasn't able to see that in the release notes also in the feature explorer. Thank you all.. ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Juniper, añádeme a tu red de LinkedIn
Hola, Juniper: Me gustaría conectar contigo en LinkedIn. Arshad Khan Network Security Engineer at Mobily Aceptar: http://www.linkedin.com/blink?simpleRedirect=3wSdP0UczsVcPkOc3wTcjkNejkZh4BKrSBQonhFtCVF9DpAhQtyuAx9fnBBiShBsC5EsOoUcBZOpm9JpmRvpnhFtCVFfmJB9ClQqnpKqntBryRQs6lzoS4JoyRJtCVFnSRJrScJr6RBfmtKqmJzon9Q9DsNs65nd3BqkkBShR51fmVBqSZkp6BJ9ClQqnpKin9BoCRBrjRx9zAJe39OemNSuCwJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hEmsgID=I539560443_40markAsRead= Ver el perfil de Arshad Khan: http://www.linkedin.com/blink?simpleRedirect=3sQcjoPdzwOfkh9sClyrmlJ9CFiq7sZrClHrRhEt7lx9ClJomUZpn1Vl6xQtm4Cc3hvcPgQc3oRejcRilYQdjkNdzgNd3RQs6lzoQ5KrSBQonhFtCVF9zwOnT9BoCRBrlZBt6BSrCAZqSkCpnhFtCVFtSlKbmlJomUJoyRJtCVFnSRJrScJr6RBfmtKqmJzon9Q9DsNs65nd3BqkkBShR51fmVBqSZkp6BJ9DpMrzRQ9zAJe39OemNSuCwJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hEmsgID=I539560443_40markAsRead= Estás recibiendo mensajes sobre Invitación. Date de baja aquí: http://www.linkedin.com/blink?simpleRedirect=0VbjwOszBItDFEbnlUrCZLfmhFpip1en5JiT5Ksnt8iAxgrTtzsSsQdTFntmdcjTpgi6FvcBtiemdLl4QUkzBjhzdPljpCijgOnQ5RmnxWuD1JuBtbqBZIukVSoCxlgk51pT9SdToOkPp4qBx7kk4Zp6BLr2oUcBZOpm9JpmRvpnhFtCVFfmJB9ClQqnpKqntBryRytndKtiRCbmRSrCBvrmRLoORIrmkZpSVFqSdxsDgCtP5MolsQelFhinp7kk4ZrClHrRhAqmQCsTlBfngCeiQUcD8Vr7pWq2RRu6VLrPRBfP9SbSkLrmZzbCVFp6lHrCBIbDtTtOYLeDdMt7hEmsgID=I539560443_40markAsRead= Este mensaje de correo electrónico estaba dirigido a Juniper List (soporte y capacitacion en iquall networks). Averigua por qué incluimos esto en este enlace: http://www.linkedin.com/blink?simpleRedirect=0Ue3sQfmh9pmNzqnhOoioUcBZOpm9JpmRvpnhFtCVFfmJB9DsNs65nd3BqkkBShR51fmVBqSZkp6BJ9CNOlmlzqnpOpldOpmRLt7dRoPRx9zAJe39OemNSuCwJtnxKrSYZpjYOtyZBbSRLoOVKqmhBqSVFr2VTtTsLbPFMt7hEmsgID=I539560443_40markAsRead= copy;2014 LinkedIn Ireland Limited, registrada en Irlanda como sociedad anónima, número de identificación 477441; oficina registradora: 70 Sir John Roberson’s Quay, Dublín 2 ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] BGP Peer formatting
This is a silly/OCD question; I've faced this before and I can't recall how it was prettied up... If I recall there is a way to pretty up the formatting of show bgp summary; Peer AS InPkt OutPktOutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... XXX.XXX.XXX.XXX X4463666 120866 0 0 5w3d 9:31:20 Establ inet.0: 272410/510233/510233/0 To remove the line break / fix the table formatting. I've tried adjusting screen-width with no joy. Halp? ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] BGP Peer formatting
On 10 Sep 2014, at 7:54 am, Scott Harvanek scott.harva...@login.com wrote: This is a silly/OCD question; I've faced this before and I can't recall how it was prettied up... If I recall there is a way to pretty up the formatting of show bgp summary; Peer AS InPkt OutPktOutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped... XXX.XXX.XXX.XXX X4463666 120866 0 0 5w3d 9:31:20 Establ inet.0: 272410/510233/510233/0 To remove the line break / fix the table formatting. I've tried adjusting screen-width with no joy. Halp? There's a few ways to neaten it, but it's a case of which information you can live without: show bgp summary | except inet show bgp group summary | match l: Failing that, I just hacked up an op script to only show a summarised version from each peer - output here: https://github.com/dfex/DFEXjunoscripts/blob/master/show-bgp-neat.md Code here: https://github.com/dfex/DFEXjunoscripts/blob/master/show-bgp-neat.slax The script *should* sum all the prefixes from each RIB into a single summarised number per peer, but I haven't had a chance to test it too thoroughly yet. Feedback/Pull Requests welcome. Cheers, Ben ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] T4000 power architecture
Howdy, Can anybody shed any light on how the PEMs on a T4000 actually distribute power to each FPC slot? Have the case of a single FPC slot that is showing power being received from only one of the PEMs, whilst all the other FPC slots are load sharing as expected. Replacing the FPC shows the same issue, so we're pretty happy that it's slot specific. What I'm curious about is if the midplane has individual 'traces' (for lack of a better term) for supplying power to each FPC from the two PEMs, or if there is a common bus shared between all the FPCs from each PEM. The reason I ask is if the PEM only has a single connection to the midplane, replacing it seems pointless and instead it looks like we're better off replacing the midplane. If the PEM has individual outputs to each slot, then replacing the PEM seems like a reasonable approach. I've been pointed at the following document ( http://www.juniper.net/documentation/en_US/release-independent/junos/topics/concept/power-supply-t4000-description.html) which is very light-on in terms of detail. Does anybody know if there is a more detailed document available (or even internally?) that we can ask about? Thanks! ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp