{"id":292,"date":"2015-08-30T13:57:59","date_gmt":"2015-08-30T13:57:59","guid":{"rendered":"http:\/\/www.safekom.pl\/blog\/?p=292"},"modified":"2016-10-28T07:25:33","modified_gmt":"2016-10-28T06:25:33","slug":"lab-ipsec-srx-palo","status":"publish","type":"post","link":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","title":{"rendered":"LAB – IPSEC SRX <--> PALO"},"content":{"rendered":"

Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami.<\/p>\n

za\u0142o\u017cenia:<\/h3>\n

\"vpn_srx_palo_pb\"<\/a><\/p>\n\n\n\n\n
Faza 1<\/td>\naes256 sha-1 pfs g2 3600s<\/td>\n<\/tr>\n
Faza 2<\/td>\naes256 sha-1 pfs g2 3600s<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n
<\/td>\nPalo<\/td>\nSRX<\/td>\n<\/tr>\n
Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu<\/td>\n10.20.10.0\/24<\/td>\n10.10.10.0\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n
<\/td>\nPalo<\/td>\nSRX<\/td>\n<\/tr>\n
Interfejs z adresem tzw. publicznym<\/td>\n192.168.1.210\/24<\/td>\n192.168.1.2\/24<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

Konfiguracja\u00a0SRX<\/h3>\n

Faza1<\/p>\n

set security ike proposal IKE-phase1-LAB02 authentication-method pre-shared-keys\r\nset security ike proposal IKE-phase1-LAB02 dh-group group2\r\nset security ike proposal IKE-phase1-LAB02 authentication-algorithm sha1\r\nset security ike proposal IKE-phase1-LAB02 encryption-algorithm aes-256-cbc\r\nset security ike proposal IKE-phase1-LAB02 lifetime-seconds 3600\r\n\r\nset security ike policy ike-phase1-LAB02 mode main\r\nset security ike policy ike-phase1-LAB02 proposals IKE-phase1-LAB02\r\nset security ike policy ike-phase1-LAB02 pre-shared-key ascii-text Qwert678!\r\n\r\n\r\nset security ike gateway gw-Palo-lab ike-policy ike-phase1-LAB02\r\nset security ike gateway gw-Palo-lab address 192.168.1.210\r\nset security ike gateway gw-Palo-lab external-interface fe-0\/0\/7\r\nset security ike gateway gw-Palo-lab local-address 192.168.1.2<\/pre>\n
Faza 2<\/p>\n
set security ipsec proposal ipsec-phase2-lab02 protocol esp\r\nset security ipsec proposal ipsec-phase2-lab02 authentication-algorithm hmac-sha1-96\r\nset security ipsec proposal ipsec-phase2-lab02 encryption-algorithm aes-256-cbc\r\n\r\n\r\nset security ipsec policy ipsec-phase2-lab02-polcy perfect-forward-secrecy keys group2\r\nset security ipsec policy ipsec-phase2-lab02-polcy proposals ipsec-phase2-lab01\r\n\r\n\r\nset security ipsec vpn ike-vpn-palo ike gateway gw-Palo-lab\r\nset security ipsec vpn ike-vpn-palo ike proxy-identity local 10.10.10.0\/24\r\nset security ipsec vpn ike-vpn-palo ike proxy-identity remote 10.20.1.0\/24\r\nset security ipsec vpn ike-vpn-palo ike proxy-identity service any\r\nset security ipsec vpn ike-vpn-palo ike ipsec-policy ipsec-phase2-lab01-polcy\r\nset security ipsec vpn ike-vpn-palo establish-tunnels immediately<\/pre>\n
Konfiguracja polityki vpn<\/p>\n
Dodanie obiekt\u00f3w<\/p>\n
set security address-book global address SRX_LAN_10.10.10.0 10.10.10.0\/24\r\nset security address-book global address Palo_LAN_10.20.1.0 10.20.1.0\/24<\/pre>\n
Konfiguracja polityki z Trust do Untrust<\/p>\n
set security policies from-zone trust to-zone untrust policy vpn-tr-untr02 match source-address SRX_LAN_10.10.10.0\r\nset security policies from-zone trust to-zone untrust policy vpn-tr-untr02 match destination-address Palo_LAN_10.20.1.0\r\nset security policies from-zone trust to-zone untrust policy vpn-tr-untr02 match application any\r\nset security policies from-zone trust to-zone untrust policy vpn-tr-untr02 then permit tunnel ipsec-vpn ike-vpn-palo<\/pre>\n
Konfiguracja polityki z Untrust do Trust<\/p>\n
set security policies from-zone untrust to-zone trust policy vpn-untr-tr02 match source-address Palo_LAN_10.20.1.0\r\nset security policies from-zone untrust to-zone trust policy vpn-untr-tr02 match destination-address SRX_LAN_10.10.10.0\r\nset security policies from-zone untrust to-zone trust policy vpn-untr-tr02 match application any\r\nset security policies from-zone untrust to-zone trust policy vpn-untr-tr02 then permit tunnel ipsec-vpn ike-vpn-palo<\/pre>\n
Konfiguracja Palo<\/h3>\n
Konfiguracja IKE Proposal<\/p>\n
Web:<\/p>\n
 <\/p>\n
\"palo_ike01\"<\/a><\/p>\n
CLI:<\/p>\n
set network ike crypto-profiles ike-crypto-profiles IKE-Proposal-SRX hash sha1\r\nset network ike crypto-profiles ike-crypto-profiles IKE-Proposal-SRX dh-group group2\r\nset network ike crypto-profiles ike-crypto-profiles IKE-Proposal-SRX encryption aes256\r\nset network ike crypto-profiles ike-crypto-profiles IKE-Proposal-SRX lifetime hours 1<\/pre>\n
Konfiguracja IPSEC Propsal<\/p>\n
Web:<\/p>\n
\"palo_ipsec02\"<\/a><\/p>\n
Cli:<\/p>\n
set network ike crypto-profiles ipsec-crypto-profiles IPSEC-Proposal-SRX esp authentication sha1\r\nset network ike crypto-profiles ipsec-crypto-profiles IPSEC-Proposal-SRX esp encryption aes256\r\nset network ike crypto-profiles ipsec-crypto-profiles IPSEC-Proposal-SRX lifetime hours 1\r\nset network ike crypto-profiles ipsec-crypto-profiles IPSEC-Proposal-SRX dh-group group2<\/pre>\n
Konfiguracja Fazy 1<\/p>\n
Web:<\/p>\n
\"palo_ipsec03\"<\/a><\/p>\n
\"palo_ipsec04\"<\/a><\/p>\n
 <\/p>\n
Cli:<\/p>\n
set network ike gateway IKE-SRX-GW protocol ikev1 dpd enable no\r\nset network ike gateway IKE-SRX-GW protocol ikev1 ike-crypto-profile IKE-Proposal-SRX\r\nset network ike gateway IKE-SRX-GW protocol ikev1 exchange-mode main\r\nset network ike gateway IKE-SRX-GW local-address interface ethernet1\/1\r\nset network ike gateway IKE-SRX-GW local-address ip 192.168.1.210\/24\r\nset network ike gateway IKE-SRX-GW authentication pre-shared-key key Qwert678!\r\nset network ike gateway IKE-SRX-GW protocol-common nat-traversal enable no\r\nset network ike gateway IKE-SRX-GW protocol-common fragmentation enable no\r\nset network ike gateway IKE-SRX-GW protocol-common passive-mode yes\r\nset network ike gateway IKE-SRX-GW peer-address ip 192.168.1.2<\/pre>\n
Konfiguracja Fazy 2:<\/p>\n
Konfiguracja zony VPN<\/p>\n
Web:<\/p>\n
\"palo_ipsec15\"<\/a><\/p>\n
 <\/p>\n
Cli<\/p>\n
set zone VPN network layer3<\/pre>\n
Utworzenie interfejsu tunel z przypisaniem do zony VPN<\/p>\n
Web:<\/p>\n
\"palo_ipsec05\"<\/a><\/p>\n
Cli<\/p>\n
set network interface tunnel interface-management-profile mgmnt\r\nset zone VPN network layer3 tunnel<\/pre>\n
Utworzenie profilu IPSEC<\/p>\n
Web:<\/p>\n
\"palo_ipsec06\"<\/a><\/p>\n
Dodanie proxy id<\/p>\n
\"palo_ipsec07\"<\/a><\/p>\n
Cli:<\/p>\n
set network tunnel ipsec IPSEC-PALO_SRX auto-key ike-gateway IKE-SRX-GW \r\nset network tunnel ipsec IPSEC-PALO_SRX auto-key proxy-id palo-srx protocol any \r\nset network tunnel ipsec IPSEC-PALO_SRX auto-key proxy-id palo-srx local 10.20.1.0\/24\r\nset network tunnel ipsec IPSEC-PALO_SRX auto-key proxy-id palo-srx remote 10.10.10.0\/24\r\nset network tunnel ipsec IPSEC-PALO_SRX auto-key ipsec-crypto-profile IPSEC-Proposal-SRX\r\nset network tunnel ipsec IPSEC-PALO_SRX tunnel-monitor enable no\r\nset network tunnel ipsec IPSEC-PALO_SRX tunnel-interface tunnel<\/pre>\n
Dodanie routingu w kierunku SRX na Palo<\/p>\n
\"palo_ipsec08\"<\/a>Cli:<\/p>\n
set network virtual-router default routing-table ip static-route vpn-srx interface tunnel\r\nset network virtual-router default routing-table ip static-route vpn-srx metric 10\r\nset network virtual-router default routing-table ip static-route vpn-srx destination 10.10.10.0\/24<\/pre>\n
Dodanie polityk fw na Palo<\/p>\n
Polityka z Trust to VPN<\/p>\n
Cli:<\/p>\n
set rulebase security rules vpn-srx to VPN\r\nset rulebase security rules vpn-srx from trust\r\nset rulebase security rules vpn-srx source any\r\nset rulebase security rules vpn-srx destination any\r\nset rulebase security rules vpn-srx source-user any\r\nset rulebase security rules vpn-srx category any\r\nset rulebase security rules vpn-srx application any\r\nset rulebase security rules vpn-srx service application-default\r\nset rulebase security rules vpn-srx hip-profiles any\r\nset rulebase security rules vpn-srx action allow\r\n<\/pre>\n
Polityka z VPN to Trust<\/p>\n
set rulebase security rules vpn-to-palo to trust\r\nset rulebase security rules vpn-to-palo from VPN\r\nset rulebase security rules vpn-to-palo source any\r\nset rulebase security rules vpn-to-palo destination any\r\nset rulebase security rules vpn-to-palo source-user any\r\nset rulebase security rules vpn-to-palo category any\r\nset rulebase security rules vpn-to-palo application any\r\nset rulebase security rules vpn-to-palo service application-default\r\nset rulebase security rules vpn-to-palo hip-profiles any\r\nset rulebase security rules vpn-to-palo action allow\r\nset rulebase security rules vpn-to-palo log-start yes<\/pre>\n
Sprawdzenie dzia\u0142ania VPN<\/h3>\n
SRX:<\/p>\n
Faza 1<\/p>\n
root@srx_lab> show security ike security-associations               \r\nIndex   State  Initiator cookie  Responder cookie  Mode           Remote Address   \r\n2430487 UP     51c22bb643895b79  afa9078ec7b25980  Main           192.168.1.210   \r\n\r\nroot@srx_lab> show security ike security-associations detail \r\nIKE peer 192.168.1.210, Index 2430487, Gateway Name: gw-Palo-lab\r\n  Role: Initiator, State: UP\r\n  Initiator cookie: 51c22bb643895b79, Responder cookie: afa9078ec7b25980\r\n  Exchange type: Main, Authentication method: Pre-shared-keys\r\n  Local: 192.168.1.2:500, Remote: 192.168.1.210:500\r\n  Lifetime: Expires in 1966 seconds\r\n  Peer ike-id: 192.168.1.210\r\n  Xauth assigned IP: 0.0.0.0\r\n  Algorithms:\r\n   Authentication        : hmac-sha1-96 \r\n   Encryption            : aes256-cbc\r\n   Pseudo random function: hmac-sha1\r\n   Diffie-Hellman group  : DH-group-2\r\n  Traffic statistics:\r\n   Input  bytes  :                  672\r\n   Output bytes  :                 1208\r\n   Input  packets:                    4\r\n   Output packets:                    6\r\n  Flags: IKE SA is created \r\n  IPSec security associations: 1 created, 0 deleted\r\n  Phase 2 negotiations in progress: 0\r\n\r\n    Negotiation type: Quick mode, Role: Initiator, Message ID: 0\r\n    Local: 192.168.1.2:500, Remote: 192.168.1.210:500\r\n    Local identity: 192.168.1.2         \r\n    Remote identity: 192.168.1.210\r\n    Flags: IKE SA is created   \r\n\r\n<\/pre>\n
Faza 2<\/p>\n
root@srx_lab> show security ipsec security-associations            \r\n  Total active tunnels: 2\r\n  ID    Algorithm       SPI      Life:sec\/kb  Mon lsys Port  Gateway   \r\n  <3    ESP:aes-cbc-256\/sha1 6ac39d90 2004\/  4607995 - root 500 192.168.1.201   \r\n  >3    ESP:aes-cbc-256\/sha1 3d8b1728 2004\/  4607995 - root 500 192.168.1.201   \r\n  <2    ESP:aes-cbc-256\/sha1 197758a2 1994\/ unlim - root 500  192.168.1.210   \r\n  >2    ESP:aes-cbc-256\/sha1 9c6bae7b 1994\/ unlim - root 500  192.168.1.210   \r\n\r\nroot@srx_lab> show security ipsec security-associations index 2 \r\n  ID: 2 Virtual-system: root, VPN Name: ike-vpn-palo\r\n  Local Gateway: 192.168.1.2, Remote Gateway: 192.168.1.210\r\n  Local Identity: ipv4_subnet(any:0,[0..7]=10.10.10.0\/24)\r\n  Remote Identity: ipv4_subnet(any:0,[0..7]=10.20.1.0\/24)\r\n  Version: IKEv1\r\n    DF-bit: clear\r\n    Policy-name: vpn-tr-untr02\r\n  Port: 500, Nego#: 1, Fail#: 0, Def-Del#: 0 Flag: 0x600829 \r\n  Last Tunnel Down Reason: SA not initiated\r\n    Direction: inbound, SPI: 197758a2, AUX-SPI: 0\r\n                              , VPN Monitoring: -\r\n    Hard lifetime: Expires in 1988 seconds\r\n    Lifesize Remaining:  Unlimited\r\n    Soft lifetime: Expires in 1366 seconds\r\n    Mode: Tunnel(0 0), Type: dynamic, State: installed\r\n    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (256 bits)\r\n    Anti-replay service: counter-based enabled, Replay window size: 64\r\n\r\n    Direction: outbound, SPI: 9c6bae7b, AUX-SPI: 0\r\n                              , VPN Monitoring: -\r\n    Hard lifetime: Expires in 1988 seconds\r\n    Lifesize Remaining:  Unlimited\r\n    Soft lifetime: Expires in 1366 seconds\r\n    Mode: Tunnel(0 0), Type: dynamic, State: installed\r\n    Protocol: ESP, Authentication: hmac-sha1-96, Encryption: aes-cbc (256 bits)\r\n    Anti-replay service: counter-based enabled, Replay window size: 64\r\n<\/pre>\n
Palo<\/p>\n
Faza 1<\/p>\n
admin@PA-VM> show vpn ike-sa gateway IKE-SRX-GW \r\n\r\nphase-1 SAs\r\nGwID\/client IP  Peer-Address           Gateway Name           Role Mode Algorithm          Established     Expiration      V  ST Xt Phase2\r\n--------------- ------------           ------------           ---- ---- ---------          -----------     ----------      -  -- -- ------\r\n              1 192.168.1.2            IKE-SRX-GW             Resp Main PSK\/DH2\/A256\/SHA1 Aug.30 14:26:34 Aug.30 15:26:34 v1 12  2      1 \r\n\r\nShow IKEv1 IKE SA: Total 1 gateways found. 1 ike sa found.\r\n\r\nphase-2 SAs\r\nGwID\/client IP  Peer-Address           Gateway Name           Role Algorithm               SPI(in)  SPI(out) MsgID    ST Xt\r\n--------------- ------------           ------------           ---- ---------               -------  -------- -----    -- --\r\n              1 192.168.1.2            IKE-SRX-GW             Resp DH2 \/tunl\/ESP\/A256\/SHA1 9C6BAE7B 197758A2 552A3DCF  9  1 \r\n\r\nShow IKEv1 phase2 SA: Total 1 gateways found. 1 ike sa found.<\/pre>\n
Faza 2<\/p>\n
admin@PA-VM> show vpn ipsec-sa tunnel IPSEC-PALO_SRX:palo-srx \r\n\r\nGwID\/client IP  TnID Peer-Address           Tunnel(Gateway)                                Algorithm     SPI(in)  SPI(out) life(Sec\/KB)\r\n--------------- ---- ------------           ---------------                                ---------     -------  -------- ------------\r\n              1    1 192.168.1.2            IPSEC-PALO_SRX:palo-srx(IKE-SRX-GW)            ESP\/A256\/SHA1 9C6BAE7B 197758A2   1650\/0\r\n\r\nShow IPSec SA: Total 1 tunnels found. 1 ipsec sa found.\r\n<\/pre>\n
 <\/p>\n
 <\/p>\n
 <\/p>\n","protected":false},"excerpt":{"rendered":"
Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami. za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Palo SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24 10.10.10.0\/24 Palo SRX Interfejs z […]<\/p>\n","protected":false},"author":1,"featured_media":304,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":true,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"enabled":false},"version":2}},"categories":[5,84,78],"tags":[74,83,77,70,346,79,81,80,82,75,30],"class_list":["post-292","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-juniper","category-lab","category-palo-alto","tag-cli","tag-faza","tag-ipsec","tag-juniper","tag-pa-srx-ipsec","tag-palo","tag-palo-alto-networks","tag-paloalto","tag-phase","tag-srx","tag-vpn"],"yoast_head":"\nLAB - IPSEC SRX  PALO - SafeKom Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LAB - IPSEC SRX  PALO - SafeKom Blog\" \/>\n<meta property=\"og:description\" content=\"Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami. za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Palo SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24 10.10.10.0\/24 Palo SRX Interfejs z […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\" \/>\n<meta property=\"og:site_name\" content=\"SafeKom Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/safekompl\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-30T13:57:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-10-28T06:25:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"566\" \/>\n\t<meta property=\"og:image:height\" content=\"680\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:site\" content=\"@MIwaczuk\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"Micha\u0142 Iwa\u0144czuk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minut\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\"},\"author\":{\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181\"},\"headline\":\"LAB – IPSEC SRX PALO\",\"datePublished\":\"2015-08-30T13:57:59+00:00\",\"dateModified\":\"2016-10-28T06:25:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\"},\"wordCount\":171,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"keywords\":[\"cli\",\"faza\",\"ipsec\",\"Juniper\",\"pa srx ipsec\",\"Palo\",\"Palo Alto Networks\",\"PaloAlto\",\"phase\",\"srx\",\"vpn\"],\"articleSection\":[\"Juniper\",\"Lab\",\"Palo Alto\"],\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\",\"url\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\",\"name\":\"LAB - IPSEC SRX PALO - SafeKom Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"datePublished\":\"2015-08-30T13:57:59+00:00\",\"dateModified\":\"2016-10-28T06:25:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage\",\"url\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1\",\"width\":566,\"height\":680},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\/\/www.safekom.pl\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"LAB – IPSEC SRX PALO\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#website\",\"url\":\"https:\/\/www.safekom.pl\/blog\/\",\"name\":\"SafeKom Blog\",\"description\":\"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem\",\"publisher\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#organization\",\"name\":\"SafeKom Blog\",\"url\":\"https:\/\/www.safekom.pl\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1\",\"width\":512,\"height\":512,\"caption\":\"SafeKom Blog\"},\"image\":{\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/safekompl\",\"https:\/\/x.com\/MIwaczuk\",\"https:\/\/www.linkedin.com\/in\/michaliwanczuk\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181\",\"name\":\"Micha\u0142 Iwa\u0144czuk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g\",\"caption\":\"Micha\u0142 Iwa\u0144czuk\"},\"description\":\"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.\",\"url\":\"https:\/\/www.safekom.pl\/blog\/author\/admin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LAB - IPSEC SRX  PALO - SafeKom Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","og_locale":"pl_PL","og_type":"article","og_title":"LAB - IPSEC SRX  PALO - SafeKom Blog","og_description":"Dzi\u015b przyszed\u0142 czas na lab z wykorzystaniem urz\u0105dze\u0144 Juniper SRX oraz Palo Alto Networks. Skupi\u0119 si\u0119 w tym wpisie na skonfigurowaniu po\u0142\u0105czenia VPN Ipsec pomi\u0119dzy tymi urz\u0105dzeniami. za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Palo SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 10.20.10.0\/24 10.10.10.0\/24 Palo SRX Interfejs z […]","og_url":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","og_site_name":"SafeKom Blog","article_publisher":"https:\/\/www.facebook.com\/safekompl","article_published_time":"2015-08-30T13:57:59+00:00","article_modified_time":"2016-10-28T06:25:33+00:00","og_image":[{"width":566,"height":680,"url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","type":"image\/png"}],"author":"Micha\u0142 Iwa\u0144czuk","twitter_card":"summary_large_image","twitter_creator":"@MIwaczuk","twitter_site":"@MIwaczuk","twitter_misc":{"Napisane przez":"Micha\u0142 Iwa\u0144czuk","Szacowany czas czytania":"7 minut"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#article","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/"},"author":{"name":"Micha\u0142 Iwa\u0144czuk","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181"},"headline":"LAB – IPSEC SRX PALO","datePublished":"2015-08-30T13:57:59+00:00","dateModified":"2016-10-28T06:25:33+00:00","mainEntityOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/"},"wordCount":171,"commentCount":0,"publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","keywords":["cli","faza","ipsec","Juniper","pa srx ipsec","Palo","Palo Alto Networks","PaloAlto","phase","srx","vpn"],"articleSection":["Juniper","Lab","Palo Alto"],"inLanguage":"pl-PL","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","url":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/","name":"LAB - IPSEC SRX PALO - SafeKom Blog","isPartOf":{"@id":"https:\/\/www.safekom.pl\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","datePublished":"2015-08-30T13:57:59+00:00","dateModified":"2016-10-28T06:25:33+00:00","breadcrumb":{"@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#breadcrumb"},"inLanguage":"pl-PL","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/"]}]},{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#primaryimage","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","width":566,"height":680},{"@type":"BreadcrumbList","@id":"https:\/\/www.safekom.pl\/blog\/juniper\/lab-ipsec-srx-palo\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Strona g\u0142\u00f3wna","item":"https:\/\/www.safekom.pl\/blog\/"},{"@type":"ListItem","position":2,"name":"LAB – IPSEC SRX PALO"}]},{"@type":"WebSite","@id":"https:\/\/www.safekom.pl\/blog\/#website","url":"https:\/\/www.safekom.pl\/blog\/","name":"SafeKom Blog","description":"Notatki Architekta i in\u017cyniera zwi\u0105zanego rozwi\u0105zaniami on-prem","publisher":{"@id":"https:\/\/www.safekom.pl\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.safekom.pl\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pl-PL"},{"@type":"Organization","@id":"https:\/\/www.safekom.pl\/blog\/#organization","name":"SafeKom Blog","url":"https:\/\/www.safekom.pl\/blog\/","logo":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/05\/cropped-logo.png?fit=512%2C512&ssl=1","width":512,"height":512,"caption":"SafeKom Blog"},"image":{"@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/safekompl","https:\/\/x.com\/MIwaczuk","https:\/\/www.linkedin.com\/in\/michaliwanczuk\/"]},{"@type":"Person","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/fd4cc931b624af4b7353d36d92ba7181","name":"Micha\u0142 Iwa\u0144czuk","image":{"@type":"ImageObject","inLanguage":"pl-PL","@id":"https:\/\/www.safekom.pl\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cc6dda4ee8d21d1f254147e5ee6f5e38881b88a4a12a5774ca42380597e52014?s=96&d=mm&r=g","caption":"Micha\u0142 Iwa\u0144czuk"},"description":"Pasjonat komputerowy od zawsze oraz maniak w zakresie sieci, wirtualizacji oraz bezpiecze\u0144stwa IT. Kompetentny in\u017cynier z du\u017cym do\u015bwiadczeniem w realizacji projekt\u00f3w informatycznych i telekomunikacyjnych. Wieloletni administrator IT, kt\u00f3ry utrzymuje systemy informatyczne dostosowuj\u0105c je do wymog\u00f3w biznesowych z zapewnieniem dost\u0119pno\u015bci 24\/7\/365.","url":"https:\/\/www.safekom.pl\/blog\/author\/admin\/"}]}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p7i9ri-4I","jetpack-related-posts":[{"id":171,"url":"https:\/\/www.safekom.pl\/blog\/cisco\/lab-ipsec-juniper-srx-cisco-router\/","url_meta":{"origin":292,"position":0},"title":"Lab – IPSEC Juniper SRX – Cisco router","author":"Micha\u0142 Iwa\u0144czuk","date":"21.08.2015","format":false,"excerpt":"Dzi\u015b postanowi\u0142em opisa\u0107 troch\u0119 labowania, temat ostatnio bardzo mocno przerabiany IPSEC. Poni\u017cej opisz\u0119 wariant policy base vpn, kt\u00f3ry jest bardzo elastyczny. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 3600s Faza 2 aes256 sha-1 pfs g2 3600s Cisco Juniper SRX Sieci kt\u00f3re b\u0119d\u0105 podlega\u0142y szyfrowaniu 172.16.10.0\/24 10.10.10.0\/24 Cisco Juniper SRX Interfejs\u2026","rel":"","context":"In "Cisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/junos_multicolor_burst.png?fit=361%2C393&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":647,"url":"https:\/\/www.safekom.pl\/blog\/lab\/lab_ipsec_palo_ciscoasa\/","url_meta":{"origin":292,"position":1},"title":"LAB –  IPSec Palo – Cisco ASA","author":"Micha\u0142 Iwa\u0144czuk","date":"23.03.2016","format":false,"excerpt":"Poni\u017cej pokazuj\u0119 jak zestawia\u0107 po\u0142\u0105czenie IPsec pomi\u0119dzy PaloAlto Networks a Cisco ASA. W mym przypadku oba urz\u0105dzenia s\u0105 w wersji wirtualnej ale konfiguracja ich odpowiada tak jak by\u015bmy konfigurowali urz\u0105dzenia fizyczne. Za\u0142o\u017cenia: Faza 1 aes256 sha-1 pfs g2 86400s Faza 2 aes256 sha-1 pfs g2 28800s Palo Cisco ASA Sieci\u2026","rel":"","context":"In "Cisco"","block_context":{"text":"Cisco","link":"https:\/\/www.safekom.pl\/blog\/category\/cisco\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":676,"url":"https:\/\/www.safekom.pl\/blog\/palo-alto\/palo-generator-configow-vpn\/","url_meta":{"origin":292,"position":2},"title":"Palo – Generator config\u00f3w VPN","author":"Micha\u0142 Iwa\u0144czuk","date":"24.03.2016","format":false,"excerpt":"W nap\u0142ywie mocy stworzy\u0142em ma\u0142ego Excela z generatorem konfig\u00f3w po\u0142\u0105cze\u0144 IPSec, jest to na chwil\u0119 wersja uboga ale mam nadziej\u0119 z czasem uda mi si\u0119 doda\u0107 wi\u0119cej funkcji. Na chwil\u0119 obecn\u0105 obs\u0142uguje vpn'y w trybie main z PSK. wersja 0.2 poprawione b\u0142\u0119dy, dodanie opis\u00f3w p\u00f3l, uporz\u0105dkowanie leciutkie. Plik generatora(potrzeba w\u0142\u0105czenia\u2026","rel":"","context":"In "Palo Alto"","block_context":{"text":"Palo Alto","link":"https:\/\/www.safekom.pl\/blog\/category\/palo-alto\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/Paloalto_logo.png?fit=566%2C680&ssl=1&resize=525%2C300 1.5x"},"classes":[]},{"id":465,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/juniper-ograniczenie-dostepu-do-ike\/","url_meta":{"origin":292,"position":3},"title":"Juniper – Ograniczenie dost\u0119pu do IKE","author":"Micha\u0142 Iwa\u0144czuk","date":"30.12.2015","format":false,"excerpt":"Co zrobi\u0107 aby na urz\u0105dzeniu na kt\u00f3rym jest uruchomiona us\u0142uga IKE na skanach bezpiecze\u0144stwa nie pojawia\u0142o si\u0119 \u017ce jest w\u0142\u0105czony aggressive mode. Najszybciej b\u0119dzie za\u0142o\u017cenie filtru kt\u00f3ry b\u0119dzie nam dopuszcza\u0142 wybrane adresy peer\u00f3w do us\u0142ugi IKE i ESP Definiujemy grup\u0119 w kt\u00f3rej b\u0119dzie lista adres\u00f3w IP i sieci kt\u00f3re b\u0119d\u0105\u2026","rel":"","context":"In "Juniper"","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":2567,"url":"https:\/\/www.safekom.pl\/blog\/vmware\/nsx\/nsx-t-ipsec-route-base\/","url_meta":{"origin":292,"position":4},"title":"NSX-t IPSec Route base","author":"Micha\u0142 Iwa\u0144czuk","date":"26.03.2020","format":false,"excerpt":"W dzisiejszym wpisie przedstawi\u0119 konfiguracj\u0119 NSX-t IPSec Route base, jest to\u00a0 opis krok po kroku jak skonfigurowa\u0107 IPseca po stronie NSX'a oraz Vyos kt\u00f3ry b\u0119dzie uczestnikiem IPseca.\u00a0 Za\u0142o\u017cenia Poni\u017cej rysunek pogl\u0105dowy jak wygl\u0105da topologia po\u0142\u0105cze\u0144. Pomi\u0119dzy routerem T0 i chmurk\u0105 ju\u017c istnieje po\u0142\u0105czenie oraz jest zestawione s\u0105siedztwo BGP w celu\u2026","rel":"","context":"In "NSX"","block_context":{"text":"NSX","link":"https:\/\/www.safekom.pl\/blog\/category\/vmware\/nsx\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2018\/01\/Autobot_symbol.png?fit=1012%2C946&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":255,"url":"https:\/\/www.safekom.pl\/blog\/juniper\/junos-waring-boot-from-backup\/","url_meta":{"origin":292,"position":5},"title":"Junos – waring boot from backup","author":"Micha\u0142 Iwa\u0144czuk","date":"20.08.2015","format":false,"excerpt":"czasem po nie oczekiwanym w\u0142\u0105czeniu urz\u0105dzenie z Junosem widzimy taki komunikat: *********************************************************************** ** ** ** WARNING: THIS DEVICE HAS BOOTED FROM THE BACKUP JUNOS IMAGE ** ** ** ** It is possible that the primary copy of JUNOS failed to boot up ** ** properly, and so this device has\u2026","rel":"","context":"In "Juniper"","block_context":{"text":"Juniper","link":"https:\/\/www.safekom.pl\/blog\/category\/juniper\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.safekom.pl\/blog\/wp-content\/uploads\/2015\/08\/junos_multicolor_burst.png?fit=361%2C393&ssl=1&resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/comments?post=292"}],"version-history":[{"count":0,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/posts\/292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media\/304"}],"wp:attachment":[{"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/media?parent=292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/categories?post=292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.safekom.pl\/blog\/wp-json\/wp\/v2\/tags?post=292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}