I have a Juniper SRX100 and a WIN 10 PC connected, but they can't seem to ping each other, although they are on the same subnet

Question

I'm new to Juniper and need some troubleshooting help. I have a Juniper SRX100 and a WIN 10 PC connected, but they can't seem to ping each other, although they are on the same subnet (192.168.10.0/24). Can you please let me know, why they might not be able to ping each other?

On the PC side, All network adapter are disable, except the local area connection to SRX100. I've set a Static IP for PC.

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::9069:d424:ddfa:de04%33
   IPv4 Address. . . . . . . . . . . : 192.168.10.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1

On the SRX side, I have enabled interface fe0/0/3.0 and given the address 192.168.10.1/24. The port is enable. I have commit the following configuration:

    root@SRX100> show configuration
## Last commit: 2016-09-02 10:08:02 UTC by root
version 12.1X46-D45.4;
system {
    host-name SRX100;
    domain-name test.local;
    root-authentication {
        encrypted-password "$1$q2abX0sH$eYJbCSXsAm6Ybw2E62ucN/"; ## SECRET-DATA
    }
}
interfaces {
    fe-0/0/3 {
        unit 0 {
            family inet {
                address 192.168.10.1/24;
            }
        }
    }
}

root@SRX100> show interfaces terse
Interface               Admin Link Proto    Local                 Remote
fe-0/0/0                up    down
gr-0/0/0                up    up
ip-0/0/0                up    up
lt-0/0/0                up    up
mt-0/0/0                up    up
sp-0/0/0                up    up
sp-0/0/0.0              up    up   inet
                                   inet6
sp-0/0/0.16383          up    up   inet     10.0.0.1            --> 10.0.0.16
                                            10.0.0.6            --> 0/0
                                            128.0.0.1           --> 128.0.1.16
                                            128.0.0.6           --> 0/0
fe-0/0/1                up    down
fe-0/0/2                up    down
fe-0/0/3                up    up
fe-0/0/3.0              up    up   inet     192.168.10.1/24
fe-0/0/4                up    down
fe-0/0/5                up    down
fe-0/0/6                up    down
fe-0/0/7                up    down
gre                     up    up
ipip                    up    up
irb                     up    up
lo0                     up    up
lo0.16384               up    up   inet     127.0.0.1           --> 0/0
lo0.16385               up    up   inet     10.0.0.1            --> 0/0
                                            10.0.0.16           --> 0/0
                                            128.0.0.1           --> 0/0
                                            128.0.0.4           --> 0/0
                                            128.0.1.16          --> 0/0
lo0.32768               up    up
lsi                     up    up
mtun                    up    up
pimd                    up    up
pime                    up    up
pp0                     up    up
ppd0                    up    up
ppe0                    up    up
st0                     up    up
tap                     up    up
vlan                    up    up

Answer 1

You can't ping a Windows computer out of the box. That's half the problem. Do you know if the Juniper is configured to allow inbound pings to itself? If not then that's the other half of the problem.

Don't use ping as a network diagnostic tool unless you know it should work. If you want to be able to ping the Windows 10 computer then you need to enable the firewall rule in this screenshot for the appropriate network/firewall profile.

Answer 2

This is an SRX, your interface or the VLANs it carries must be placed into a security zone. That zone will have a stanza that permits traffic (like ECMP) with a destination address of the SRX itself. Here's an example, you can use either statement. If you use the top one, any interface placed into the zone will be pingable. If you use the bottom, only the explicit interface will permit it. It will not summarize the two!

set security zones security-zone ABC host-inbound-traffic system-services ping
set security zones security-zone ABC interfaces fe-0/0/3.0 host-inbound-traffic system-services ping

Now, as others have said, please make sure the Windows 10 system allows ping as well. If this SRX is meant to permit and route traffic through it, you're going to need multiple zones, and rules to permit traffic both between and within those zones.