MetaFabric by Juniper

Today Juniper Networks announced the MetaFabric. MetaFabric is the next step and evolution in data centre architectures. There has been a vast amount of chatter, noise and FUD recently when it comes to flow programmability and overlay networking. What Juniper…

Here is the Juniper flavour of the FQDN access-list. The policy used references the dns-name and creates policy destination addresses accordingly. It is important, as noted in the optimisation and initial ASA FQDN configuration post, that you have a set…

A metric of time measurement in Tolkien’s Lord of the Rings is a ‘Valarian Age’. A Valarian Age is made up of 100 Valarian years. A Valarian year in turn is 10 mortal years. In the land of Tolkien, ‘In…

I have covered a deal of topics across JUNOS but now it is time to look at switch traffic capturing. It is possible in IOS with some simple monitor commands and it is rather straightforward on JUNOS. Now, I…

So what is DHCPv6 client mode and why can this help me? A while back Ivan Pepelnjak commented on the blog asking if the SRX had DHCPv6 client features such as IA_PD and IA_NA. Now as of version 12.1X45-D10 these…

As per the previous blogs, if you have followed from the start you will notice you have downloaded, installed, and configured your Juniper SRX to support IDP technologies. This is a great start. For most users the default templates defined…

Juniper’s SRX family offers the ability to perform much more than firewalls, access-lists, and NAT. As a part of their Unified Threat Management suite (UTM), Intrusion Detection and Prevention (IDP) is a vital part of a layered approach to security.…

Time to get into some access-list tips. I am going to make a management zone and want to control which protocols. First make the address book entry we will use to define our management hosts. set security zones security-zone trust address-book…

A functional zone is a unique type of zone. The SRX family has only one type of functional zone applicable to it. The management zone is designed to have a physical interface allocated to it which allows true out-of-band management.…

Ever need to make a firewall change or update a rule set but not had access to the device? An always-on, cloud-based software-as-a-service solution has grown from the labs of OneConfig. Based on the premise of…

In a branch office you generally have workers who work standard business hours. These generally exist between the hours of 0700 and 1800 hours. Most branches have VOIP handsets or APs that run off PoE. These do not need to…

Quick one today and a memory refresh for myself. Routed L3 links between an SRX and an EX2200-C. I currently have two uplinks connected between the two. I want to advertise a L3 VLAN across to the SRX. I…

The buzzword in the industry of late is DevOps. It is one that I hope isn’t tarnished by the marketing machine where buzzwords go to die. DevOps is the shift in the paradigm of network and infrastructure management. Centralized infrastructure…

My Juniper lab is at home and contains an EX2220-C and an SRX110. Traditionally I created an interface to which I could SSH. This worked for a while but when labbing you are generally testing new things. Well needless…

LLDP is the non-proprietary version of CDP. This discovery protocol has applications that can make an administrator's life much easier. Now with two physical devices I am going to implement LLDP on JUNOS with the EX-2200 and SRX110. First…

Today was a good day. I had a new arrival into the family. The Juniper Networks EX-2200 12-C PoE+. In addition to my SRX110-H-VA Firewall I now have a fully fledged JUNOS switch with all the bells and whistles. Juniper…

As many of you are well aware I own a Juniper Networks SRX110H-VA firewall. This firewall has been the focus of many blogs up until now. I have covered off a myriad of subjects with many more to come in…