Policy: MS_DYNAPP, action-type: permit, services-offload:not-configured , State: enabled, Index: 25 0 Policy Type: Configured It seems that the KRB5 dynamic application only allows UDP. However, Kerberos can operate over both UDP and TCP. Looks like Juniper isn't aware of this :)

You can also use show security match-policies to check what policies get applied. Reference: https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/command/show-security-match-policies.html ------------------------------ Nikolay Semov ------------------------------

I haven't used it for JSC specifically, but generally NPS works fine with JunOS. Since you're getting rejections from the NPS, check its logs to see if you can see any clues for the rejection. You can also experiment with the authentication methods on the Constraints tab of the policy that's supposed ...

That's surprising. I have a 340 which did raise a minor alarm about this not too long ago. If you have auto-snapshot enabled, though, you wouldn't get an alarm. ------------------------------ Nikolay Semov ------------------------------

Hi All, I am trying to upgrade our SRXs from version 15.1X49-D170.4 to version 19.4R3-S3 as it seems to be the recommended upgrade path from Juniper.net: <https://www.juniper.net/documentation/us/en/software/junos/srx-upgrade/topics/concept/upgrade-paths.html> ...

Hi, Does anyone already faced one issue related to SRX300 sending malformed BGP OPEN messages, without marker, type and so on. We only see the following pattern in the TCP payload: 12 03 AB CD. These packets cause the remote peer to drop the connection due to Synchronization Problem. The SRX is ...

I use this policy to allow users to authenticate in the Windows domain : policy MS_DYNAPP { match { source-address any; destination-address [ DC1 DC2 ]; dynamic-application [ junos:LDAP junos:CLDAP junos:NBNS junos:MSRPC junos:SMB junos:KRB5 ]; } then { ...