PlayStation Network (Xbox Live) NAT Type 3 to NAT Type 2 on Juniper SRX with dynamic public IP address

Are you using Juniper SRX at your home (or work place)?
Do you like to play video games, but having problems with your services such as unable to talk to your teammates, downloading your games, etc.?

Well, I hope this post would help you. I was having the same problems with my PlayStation services at home. When I went to [Network] > [Test Internet Connection], and ran the test, everything was successful except that I got Nat Type 3. I could still play with online, but could not play with friends online, and I could not hear my friends talking (vice versa).

As most gamers know, these gaming systems (PlayStation or Xbox) use Universal Plug and Play (UPnP); and most home routers have these feature where you can just log in to your off-the-shelf router and enable UPnP feature, and you are pretty much good to go.

However, Juniper SRX does not have UPnP feature since SRX is an enterprise firewall/router. My guess is the reason why UPnP is not available to SRX is security concern that UPnP introduce since UPnP let the gaming console to decide what ports need to be allowed from the Internet inbound through the firewall. Here is a short read about UPnP security risk.

Since SRX does not support UPnP, what we can do is configure destination NAT.
Here are the two requirements before implementing this to your network:

  • Static public IP address (can be done with dynamic public IP address as well)
  • Static or reserved IP address for your PlayStation, Xbox console or Vita
  • Gather the required ports for the services

I am assuming that your SRX is already running and the NAT-ing is already configured. The configuration below is done for Playstation 4 and PS Vita. If you have an Xbox, the process should be the same just a matter of finding the proper port numbers for your console services.

According to what I have found, these are the ports that needs to be opened. Also, for some specific games, you may need to open some specific ports for that particular game. The process should be the same you just need to add more lines to your config.

TCP ports: 80, 443, 465, 983, 3478 – 3480, 3658, 5223, 6000 – 7000, 9293, 10070 – 10080
UDP ports: 3478 – 3480, 3658, 6000 – 7000, 10070 – 10080

Here is the topology of what this network in question look like and the IP scheme that I have in this example.

Figure 1

Figure 1

You would need configure your console’s IP address either set it as static IP or DHCP and create an IP reservation for its MAC address. Whatever method you use doesn’t really matter, as long as your console will have the same IP address all the time. In my case, I reserved an IP address for my gaming consoles.

You would need to create some applications that are need to be allowed inbound from the untrust network. This will be used later on. I also created an application-set to put all these individual applications in a group just to make my config easier. Also, you don’t need to create a new application for port 80 and 443 since JunOS already have them (junos-http and junos-https) preconfigured. I already created my own, so that I know I have them.

karlo@BFWSRX> show configuration applications 
application PLAYSTATION-80 {
   protocol tcp;
   destination-port 80;
}
application PLAYSTATION-443 {
   protocol tcp;
   destination-port 443;
}
application PLAYSTATION-465 {
   protocol tcp;
   destination-port 465;
}
application PLAYSTATION-983 {
   protocol tcp;
   destination-port 983;
}
application PLAYSTATION-3478-3480 {
   protocol tcp;
   destination-port 3478-3480;
}
application PLAYSTATION-3658 {
   protocol tcp;
   destination-port 3658;
} 
application PLAYSTATION-5223 {
   protocol tcp;
   destination-port 5223;
}
application PLAYSTATION-6000-7000 {
   protocol tcp;
   destination-port 6000-7000;
}
application PLAYSTATION-9293 {
   protocol tcp;
   destination-port 9293;
}
application PLAYSTATION-10070-10080 {
   protocol tcp;
   destination-port 10070-10080;
}
application PLAYSTATION-UDP-3478-3480 {
   protocol udp;
   destination-port 3478-3480;
}
application PLAYSTATION-UDP-3658 {
   protocol udp;
   destination-port 3658; 
}
application PLAYSTATION-UDP-6000-7000 {
   protocol udp;
   destination-port 6000-7000;
}
application PLAYSTATION-UDP-10070-10080 {
   protocol udp;
   destination-port 10070-10080;
}
application PLAYSTATION-3479 {
   protocol tcp;
   destination-port 3479;
}
application-set PLAYSTATION-APP-SET {
    application PLAYSTATION-80;
    application PLAYSTATION-443;
    application PLAYSTATION-465;
    application PLAYSTATION-983;
    application PLAYSTATION-3478-3480;
    application PLAYSTATION-3658;
    application PLAYSTATION-5223;
    application PLAYSTATION-6000-7000;
    application PLAYSTATION-9293; 
    application PLAYSTATION-10070-10080;
    application PLAYSTATION-UDP-3658;
    application PLAYSTATION-UDP-3478-3480;
    application PLAYSTATION-UDP-10070-10080;
    application PLAYSTATION-UDP-6000-7000;
    application PLAYSTATION-3479;
}

Create an address book for your consoles. In my case, they will be my PS Vita and Playstation 4. This is going to be used for the policies.

karlo@BFWSRX> show configuration security zones security-zone trust 
address-book {
    address PLAYSTATION4-BOOK 172.16.1.12/32;
    address PSVITA-BOOK 172.16.1.14/32;
}
address-set PLAYSTATION-BOOK-SET {
    address PSVITA-BOOK;
    address PLAYSTATION4-BOOK;
    }
}

Now, that we have created the custom applications, and address books for the PlayStation 4 and Vita, we are going to configure the NAT-ing for these devices. In my case, I have a dynamic IP address from the ISP. Therefore, the configuration is going to be slightly different than having a static IP from the ISP.

What is going to happen here since we only have one public IP, only one device can go out to the Internet either the PS4 or the Vita. Let’s say if the PS4 go online first then the Vita, the PS Vita won’t be able to connect to the Internet. You will notice this on your Vita because you will get a message stating about DNS error. The reason for this is PS4 is currently using the public IP on port 53 and the SRX is not allowing the Vita to go out with the same public IP and port number. However, you other home devices should be able to go out to the Internet with no problem. Why is that? Well, let’s go to the config because it would make more sense there.

# This is a local host that I have. If you can see, the host source-port is 55923. However, the SRX changes the source-port to 28584.
karlo@BFWSRX> show security flow session nat source-prefix 172.16.1.20 
Session ID: 54664, Policy name: trust-to-untrust/5, Timeout: 1732, Valid
 In: 172.16.1.11.20/55923 --> 17.172.232.192/5223;tcp, If: vlan.11, Pkts: 971, Bytes: 85156
 Out: 17.172.232.192/5223 --> 192.168.0.2/28584;tcp, If: fe-0/0/0.0, Pkts: 975, Bytes: 98304

# This is the Playstation 4 source NAT. If you noticed, the PS4 source NAT did not changet.
karlo@BFWSRX> show security flow session nat source-prefix 10.0.11.12 
Session ID: 219731, Policy name: trust-to-untrust/5, Timeout: 1784, Valid
 In: 172.16.1.12/50183 --> 54.68.149.134/443;tcp, If: vlan.11, Pkts: 2091, Bytes: 181150
 Out: 54.68.149.134/443 --> 192.168.0.2/50183;tcp, If: fe-0/0/0.0, Pkts: 1062, Bytes: 129352
Total sessions: 1


Anyways, make sure that your PlayStation source NAT is before the regular source NAT as shown below. Therefore, that Playstation source NAT will be applied once the SRX sees their IP addresses. Use the insert command.

# Here is an example to insert the Playstation rule before the permit all.
[edit security nat source rule-set TRUST-NAT-OVERLOAD]
karlo@BFWSRX# insert rule PLAYSTATION4-SOURCE-NAT-RULE before rule PERMIT-TRUST-NAT

# Repeat this if needed. The result is the config below.
karlo@BFWSRX> show configuration security nat source 
pool PLAYSTATION-PUB-IP-POOL {
     address {
         192.168.0.2/32 to 192.168.0.2/32
     }
     port no-translation;
}
rule-set TRUST-NAT-OVERLOAD {
    from zone trust;
    to zone untrust;
    rule PSVITA-SOURCE-NAT-RULE {
        match {
            source-address 172.16.1.11.14/32;
        } 
        then {
            source-nat {
                pool {
                    PLAYSTATION-PUB-IP-POOL;
                }
            }
       }
 }
 rule PLAYSTATION4-SOURCE-NAT-RULE {
       match {
           source-address 172.16.1.12/32;
       }
       then {
          source-nat {
               pool {
                   PLAYSTATION-PUB-IP-POOL;
               }
          }
      }
 }
 rule PERMIT-TRUST-NAT {
      match {
          source-address 0.0.0.0/0; 
      }
      then {
         source-nat {
              interface;
              }
         }
     }
}

As you can see the NAT config above, I only have one public IP, which is 192.168.0.2/32 and will be assigned to either PS4 or PS Vita whichever goes online first. This will be a one-to-one mapping and the port address will be change after the translation. The command port no-translation will be responsible for not changing the port numbers after the address translation. The reason why your other devices are still able to surf the Internet with no problem is because SRX changes the port numbers when NAT-ing.

After configuring the source NAT, we are going to configure the destination NAT or port forwarding. First, we need to configure the destination NAT pool for both devices then the destination NAT.

karlo@BFWSRX> show configuration security nat destination | no-more 
pool PLAYSTATION4-DNAT-POOL {
   description "PLAYSTATION DEST. NAT POOL";
   address 172.16.1.12/32;
}
pool PSVITA-DNAT-POOL {
   description "PSVITA DEST. NAT POOL";
   address 172..16.1.14/32;
}
rule-set PLAYSTATION-DNAT-RULE-SET {
    description "PLAYSTATION DEST. NAT RULE SET";
    from zone untrust;
    rule PSVITA-TCP-80 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               80;
           }
           protocol tcp;
      }
      then {
           destination-nat {
               pool {
                   PSVITA-DNAT-POOL;
               }
           }
       }
 }
    rule PSVITA-TCP-443 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               443;
           }
           protocol tcp;
      }
      then {
           destination-nat {
               pool {
                   PSVITA-DNAT-POOL;
               }
           }
      }
 }
   rule PSVITA-TCP-465 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              465;
          }
          protocol tcp;
     }
     then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
          }
     }
 }
   rule PSVITA-TCP-983 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              983;
          }
          protocol tcp;
      }
      then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
          }
      }
 }
   rule PSVITA-TCP-3658 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              3658;
          }
          protocol tcp;
      }
      then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
          }
      }
 }
   rule PSVITA-TCP-5223 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              5223;
          }
          protocol tcp;
     }
     then {
         destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
            }
        }
     }
 }
   rule PSVITA-TCP-9293 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              9293;
          }
          protocol tcp;
     }
     then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
          }
      }
 }
   rule PSVITA-UDP-3479 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              3479;
          }
          protocol udp;
      }
      then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
          }
      }
 }
   rule PSVITA-UDP-3658 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              3658;
          }
          protocol udp;
      }
      then {
         destination-nat {
             pool {
                PSVITA-DNAT-POOL;
             }
         }
     }
 }
   rule PS4-TCP-80 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              80;
          }
          protocol tcp;
      }
      then {
          destination-nat {
              pool {
                 PLAYSTATION4-DNAT-POOL;
              }
          }
      }
 }
   rule PS4-TCP-443 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              443;
          }
          protocol tcp;
     }
     then {
          destination-nat {
              pool {
                 PLAYSTATION4-DNAT-POOL;
              }
          }
      }
 }
   rule PS4-TCP-465 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               465;
           }
           protocol tcp;
      }
      then {
         destination-nat {
             pool {
                PLAYSTATION4-DNAT-POOL;
             }
          }
      }
 }
   rule PS4-TCP-983 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              983;
          }
          protocol tcp;
      }
      then {
          destination-nat {
              pool {
                 PLAYSTATION4-DNAT-POOL;
              }
          }
      }
 }
   rule PS4-TCP-3658 {
      match {
           destination-address 0.0.0.0/0;
           destination-port {
               3658;
           }
           protocol tcp;
      }
      then {
           destination-nat {
               pool {
                  PLAYSTATION4-DNAT-POOL;
               }
           }
      }
 }
   rule PS4-TCP-5223 {
      match {
           destination-address 0.0.0.0/0;
           destination-port {
               5223;
           }
           protocol tcp;
      }
      then {
           destination-nat {
               pool {
                  PLAYSTATION4-DNAT-POOL;
               }
           }
      }
 }
   rule PS4-TCP-9293 {
      match {
           destination-address 0.0.0.0/0;
           destination-port {
               9293;
           }
           protocol tcp;
      }
      then {
           destination-nat {
               pool {
                  PLAYSTATION4-DNAT-POOL;
               }
           }
      }
 }
   rule PS4-UDP-3479 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                3479;
            }
            protocol udp;
       }
       then {
            destination-nat {
                pool {
                   PLAYSTATION4-DNAT-POOL;
                }
            }
       }
 }
   rule PS4-UDP-3658 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                3658;
            }
            protocol udp;
       }
       then {
            destination-nat {
                pool {
                   PLAYSTATION4-DNAT-POOL;
                }
            }
      }
 }
   rule PSVITA-TCP-3478-3480 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              3478 to 3480;
          }
          protocol tcp;
      }
      then {
          destination-nat {
              pool {
                 PSVITA-DNAT-POOL;
              }
         }
     }
 }
   rule PS4-TCP-3479-3480 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               3478 to 3480;
           }
           protocol tcp;
       }
       then {
            destination-nat {
                pool {
                    PLAYSTATION4-DNAT-POOL;
                }
            }
       }
 }
   rule PS4-UDP-6000-7000 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              6000 to 7000;
          }
          protocol udp;
      }
      then {
          destination-nat {
              pool {
                 PLAYSTATION4-DNAT-POOL;
              }
          }
      }
 }
   rule PSVITA-UDP-6000-7000 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               6000 to 7000;
           }
           protocol udp;
       }
       then {
           destination-nat {
               pool {
                  PSVITA-DNAT-POOL;
               }
           }
      }
 }
   rule PS4-TCP-6000-7000 {
       match {
           destination-address 0.0.0.0/0;
           destination-port {
               6000 to 7000;
           }
           protocol [ udp tcp ];
       }
       then {
           destination-nat {
               pool {
                  PLAYSTATION4-DNAT-POOL;
               }
           }
      }
 }
   rule PSVITA-TCP-6000-7000 {
      match {
          destination-address 0.0.0.0/0;
          destination-port {
              6000 to 7000;
          }
          protocol [ udp tcp ];
      }
      then {
          destination-nat {
              pool {
                  PSVITA-DNAT-POOL;
              }
          }
      }
 }
   rule PS4-TCP-10070-10080 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                10070 to 10080;
            }
            protocol [ udp tcp ];
       }
       then {
            destination-nat {
                pool {
                     PLAYSTATION4-DNAT-POOL;
                }
            }
       }
 }
   rule PSVITA-TCP-10070-10080 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                10070 to 10080;
            }
            protocol [ udp tcp ];
       }
       then {
           destination-nat {
               pool {
                   PSVITA-DNAT-POOL;
               }
           }
      }
 }
   rule PS4-UDP-3478-3480 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                3478 to 3480;
            }
            protocol udp;
      }
      then {
           destination-nat {
                pool {
                    PLAYSTATION4-DNAT-POOL;
                }
           }
      }
 }
   rule PSVITA-UDP-3478-3480 {
       match {
            destination-address 0.0.0.0/0;
            destination-port {
                3478 to 3480;
            }
            protocol udp;
       }
       then {
            destination-nat {
                pool {
                     PSVITA-DNAT-POOL;
                }
            }
      }
 }

Now, the create a security policy from the untrust network inbound to trust based on the destination NAT. This is where you are going to apply the address-book and the custom application we have created earlier.

karlo@BFWSRX> show configuration security policies from-zone untrust to-zone trust policy UNTRUST-TO-PLAYSTATION 
match {
    source-address any;
    destination-address PLAYSTATION-BOOK-SET;
    application PLAYSTATION-APP-SET;
}
then {
    permit;
}

Configuration wise this is it. Your gaming console should be able to get NAT type 2 at this point, and your services should work as well as along as you have the right ports opened. However, like I mentioned earlier, only one device can go out the network due to the source NAT we have. Therefore, you can’t have both PS4 and PS Vita online at the same time unless you have the Vita (or the PS4) on the different wireless network. The fixed to this is scripting, but I don’t know how to script yet. What I do is I would delete the source NAT entry for whatever console that is online.

For instance, if I have the PS4 online, and I would like to switch to Vita. I would need to either join the Vita to a different wireless network or delete the source NAT entry for PS4. If you choose the latter, this is how it is done.

# To show the current sessions of your console.
karlo@BFWSRX> show security flow session nat source-prefix 172.16.1.12 
Session ID: 219731, Policy name: trust-to-untrust/5, Timeout: 1780, Valid
 In: 172.16.1.12/50183 --> 54.68.149.134/443;tcp, If: vlan.11, Pkts: 2156, Bytes: 186738
 Out: 54.68.149.134/443 --> 192.168.0.2/50183;tcp, If: fe-0/0/0.0, Pkts: 1095, Bytes: 133345
Total sessions: 1

# To remove this session, use the following command.
karlo@BFWSRX> clear security flow session nat source-prefix 172.16.1.12 
1 active sessions cleared

# As you can see, after clearing the session, the result of the same show command has 0 sessions.
karlo@BFWSRX> show security flow session nat source-prefix 172.16.1.12 
Total sessions: 0

# I then join the PS Vita to the network. Once the Vita is on the network, the PS4 won't be able to go online.
karlo@BFWSRX> show security flow session nat source-prefix 172.16.1.14 
Session ID: 249737, Policy name: trust-to-untrust/5, Timeout: 1798, Valid
 In: 172.16.1.14/61853 --> 198.107.130.107/5223;tcp, If: vlan.11, Pkts: 12, Bytes: 3152
 Out: 198.107.130.107/5223 --> 192.168.0.2/61853;tcp, If: fe-0/0/0.0, Pkts: 12, Bytes: 3987

Now, to fix the dynamic public IP address we have. You and I know that eventually our dynamic public IP address will change. Once this IP changed, we are going to start getting problems at least for our gaming consoles. Luckily for us, it is only two line commands to fix this.

# Delete the current IP address pool and replace it with the new public IP address pool.
delete security nat source pool PLAYSTATION-PUB-IP-POOL address 
set security nat source pool PLAYSTATION-PUB-IP-POOL address 192.168.1.2/32 to 192.168.1.2/32

This is it! Cheers!!!

Advertisements

About networkshinobi

This blog is about the things I learned about computers and networking to help me to remember them as I push further my studies. I created this blog to help myself to continue my education; and if you find this blog helpful for your studies, that is great. That is one of the reasons why I made this blog, to share my interest and knowledge. Also, all the entries/posts I made are based on my views, opinion and for educational purposes only. If you see some mistakes, feel free to drop some comments. I would appreciate all the helpful comments. Thanks BTC: 14wVPFBWNAKmfNsgUrPpw8EytkXFLjxYoU ETH: 0x8528793dF77a57186f5B15dA6DC1eaA3c5e92c4a LTC : LMpW2rGYnYdUwvnHA4huB6TGcPEEc1JzXw
This entry was posted in Juniper, Misc. and tagged , , , , , , , , , , , , . Bookmark the permalink.

12 Responses to PlayStation Network (Xbox Live) NAT Type 3 to NAT Type 2 on Juniper SRX with dynamic public IP address

  1. Ryan says:

    If I understood you correctly, you said that to fix the issue where the PS4 and the PSVita cannot be on the network at the same time, you have to use scripting if you do not want to modify the configuration file of the srx. Is that correct? If so, do you know of any resources to find out more about this scripting?

  2. repo says:

    Dear networkshinobi,

    Thank you for precious articles.
    I was facing the same problem.
    However, the problem was solved by reading your article.
    I live in Japan.It was very helpful because there is little information on the SRX in Japan.

    Regards,

    • I’m glad that this post helped you with your SRX. Every thanks that I get means a lot and it helps to motivate myself to post more useful info in future.

      Thank you for visiting my blog

  3. Jason says:

    Hi, I’ve been trying to get this working for a while, I ha e an srx 210 running the latest version of Junos, the problem that I see is that there doesn’t appear to be a way of creating destination NAT rules that match a port range like you have in the config above, my srx just reports a syntax error and will only let me enter a single port, without the ability to use a port range to match on I’m left having to make over a thousand NAT rules, can I ask what version of Junos you are running that allowed you to do this?

    I recently experimented with making a very loose matching NAT for this, ie I match on destination address only and specify a wildcard 0.0.0.0/0 address then NAT all that traffic to my PS4 putting all my more specific rules above this in the config so stuff like my ftp server gets matched on a more specific rule then sent to my server instead, then just applied a policy with an app set covering all the ports required, this hasn’t worked so far. The only thing I have done differently is that I do not have a specific source NAT configured for the ps4 and am simply using interface source NAT for everything in my network, can you go into a little more detail as to why you required a one to one source Nat for the ps4?

    Many thanks!

    • Hi, my SRX is on 12.1×47. I believe from this version and later supports port range.

      • Jason says:

        Oh okay, thanks for the reply! Turns out mine wasn’t on the latest version, I remembered I’d swapped it out at some point with a different one (work supplied) and obviously never updated the replacement, I’ll update it tonight and try again.

        Any feedback as to why you are defining a specific source Nat for this? Just curious really as I would have thought the catch all interface source Nat would be all that was required, also, this would negate the need to change the translated public IP when you are assigned a new dynamic one.

        Cheers!

        Jase.

      • You want the more specific to be on the top of the rule list. The catch all should always be placed at the bottom of the list. Think of this an access list. You don’t want your catch all to be the first in list otherwise nothing is going to work.

        Your dynamic IP will change. You will notice it because your NAT type will revert back to Type 3. At this point, just update your public IP pool. Just login to your SRX, and it will only take you 30 seconds to update it 🙂

      • Jason says:

        I understand what you are saying, I guess I just don’t see why you need to specify one when the catch all will work anyway, I only have a single interface source Nat for my network (it’s a very simple home network) and all my outbound traffic from multiple different devices works just fine.

        Regarding the dynamic public address, you are correct I do regularly get a new IP address but what I was saying is that if you use the ‘interface’ source Nat then the translation outbound is just translated to the address that’s on the egress interface, in my case this is assigned via DHCP on the interface so it’s always updated with whatever the new IP I get is, hence why I never need to update the address.

        Anyway, it’s a great article and it’s good to bounce ideas off someone else! I’ll try with my set up and if it doesn’t work I’ll stick a more specific source Nat on there and try again.

        Cheers.!

        Jase.

  4. Jas says:

    Well, i’ve hit a roadblock, 12.1×47 is not supported on the srx 210HE, only the newer H2 model. Back to the drawing board for me!

    • I read an article before that you can still install 12.1X47 but the performance will be slow or something like that.
      My SRX100H2 went bad and I’m currently using my ASA5505, so far I have no problem with ASA and by default my NAT type is 2. Therefore, I didn’t have to mess with NAT.
      I’m planning to replace my ASA with Palo Alto when I get some extra cash.

  5. Sara Cooke says:

    Hey There,

    First of all, I applaud you for writing this. I’ve been trying to figure out how to do this even as a Juniper employee for the last 10 years. Starting with having a 5gt then a ssg5 now SRX. But then again, the first 8 years, I did not work very closely with the SRX platform, now I do. I was wondering if you could email me at sara@juniper.net. I have a couple of questions I’d like to ask off thread. Don’t worry, it’s nothing bad. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s