On the branch SRX devices, this can be achieved by the command:
lab@host-At> request routing-engine login node 1
— JUNOS 10.1R3.7 built 2010-011-10 04:15:10 UTC
On the high-end SRX devices, you will need to be in the shell and run the following command:
root@host-A% rlogin -T node1
In Juniper SA Series, there is an option to give a secure connection to corporate networks without the use of network connect .
In this example I’ll demonstrate how can we do this with OWA server .
Cashing: To control what browser contents temporarily stored (cached) on the client machine. Which web content the client’s computer will do cashing to it . Usually listed above are generated Automatically , so there is no need for our intervention in the configuration.
Now add the Realms to the SSO , then you can see that an autopolicy created:
- Creating the WSAM profile
JSAM is likely more for Apple users.
At this example I will demonstrate how to enter exchange through outlook
If you wonder why I typed (*) which means (all ports), that because we’re talking about a lot of ports, not only SMTP port .. if you have another helpful idea please put that in a comment .
Don’t forget to click on Add button , and then save and continue .
2. Adding the WSAM to a role :
As you noticed, it created automatically “Supporting Policies”. But if we created the WSAM by “Resource Policies”, then we’ll be have to create a profile, and associate then to each other (complicated) ..
If we configured something wrong in WSAM , this error message will be generated:
We can also add the application by the User Roles> Access features> Applications
Note that we add the application same as it shows in the Task Manager
In Junos Space Network Management Ver. 15.1
When trying to discover SA-2500 VPN appliance and getting the following error:
SSH connection failed. Device might not be reachable through device management interface.
This is because Junos Space will only manage devices that are running Junos 9.3 or higher. Any other operating system cannot be managed. Although you can have “unmanaged” devices whereby Junos Space and more specifically OpenNMS is performing SNMP monitoring only, You wouldn’t have the ability to perform configuration backups, configuration changes, software upgrades etc., with any unmanaged devices.
The supported platform list can be found at the following URL:
When we open the topology, the entire application will log out after a certain time.
In order to keep the display open as long as we want, We need to do the following:
Logon to the Junos Space Web UI >> Network Application Platform >> In the Network Application ribbon bar, click Administration >> Manage Applications >> Right-click Network Application Platform and then click Modify Application Settings >> Set the timeout value >> Save the changed settings and click the Modify button located at the bottom of the page
Reference : KB21829
Q. Is there a way to stop monitoring so Junos Space does not send out email notice ?
A. Yes . And there is actually two different ways to configure this out:
Administration > Fabric > SNMP manager
Select the checkbox for each fabric node > from the Actions menu > SNMP Stop > Yes
SNMP Restart for enabling it again .
how to implement transparent proxy so any internet traffic(HTTP, HTTPS,FTP) does not go directly rather via proxy server.
In Cisco we can do transparent proxy via WCCP, So how implement it with Juniper ?
set routing-options interface-routes rib-group inet IMPORT-PHY
set routing-options rib-groups IMPORT-PHY import-rib inet.0
set routing-options rib-groups IMPORT-PHY import-rib to-proxy.inet.0
set firewall family inet filter to-proxy term one from destination-port 80
set firewall family inet filter to-proxy term one from destination-port 443
set firewall family inet filter to-proxy term one from destination-port 21
set firewall family inet filter to-proxy term one then count to-proxy
set firewall family inet filter to-proxy term one then log
set firewall family inet filter to-proxy term one then routing-instance to-proxy
set firewall family inet filter to-proxy term two then count to-default-route
set firewall family inet filter to-proxy term two then log
set firewall family inet filter to-proxy term two then accept
set routing-instances to-proxy instance-type forwarding
set routing-instances to-proxy routing-options static route 0.0.0.0/0 next-hop X.X.X.X
While x.x.x.x your proxy server IP .
Then, you apply that filter as a family inet filter to an interface:
set interfaces ae0.6 family inet filter input to-proxy