Messages - c3lin3

1
This issue seems to be solved in 6.2.0r11. It is mentioned in the release notes:

585314 SCP to the firewall failed from an UNIX machine and displayed the error "unknown file '--ns_sys_config."

2
You just have to route the remote network of the SonicWall through the tunnel. If you are using the trust-vr it will look like the following:

set vrouter trust-vr route <remote-network/mask> interface tunnel.<interface number>

3
Hi,
it should be no problem to have a numbered tunnel on your side.
Configured this to ASAs already.
Just take care that the proxy id matches.

4
They still recommend appropriate ScreenOS Versions:

https://www.juniper.net/customers/csc/software/netscreen_versions.jsp

For the SSG-550M it is 6.2.0


5
This is now listed in the release notes as a known issue in 6.2.0r10. I guess r7 is affected as well.

Maybe you already opened a JTAC case and this is the reason.

Hopefully this will be fixed in the next release.

Have you actually tried r8 and r9?

6
You're welcome :-D

That is really strange cause that's the way we are backing up our devices once a day. Never had issues with that... (standard redhat installation)

... maybe sth. with the ssh version (since 5.1 v2 is default)

What is the output of "get ssh" and "get scp"?

7
Just to make it easier I'd recommend upgrading ScreenOS first (if possible) before starting debugging, since 5.0.0r8 came out on 29 Jun 2004.

5.4r20 should be the latest one for this hardware

8
I just tried this on a lab device which is running the same screenos version. With pscp I had to force the proto scp and it is only working without the / in front of the config file:

pscp.exe -scp netscreen@192.168.1.1:ns_sys_config backup.cfg

With the slash I got an error message

pscp version I used: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html


9
XP SP2 (quite old  :-D)

KB884020 will solve your problems

Juniper: KB9212

10
Remote Access SSL VPN/UAC/MAG, Pulse, and SBR / Re: SA2500 vs SA2000
« on: January 17, 2011, 02:50:38 pm »
All features are enabled by installing a license. The x500 series is just the successor of the x000 series.


12
NetScreen and SSG/ISG Series Firewalls / Re: Juniper SSG 20 Device
« on: January 12, 2011, 08:54:21 am »
I guess you are talking about the proxy id in a route based vpn?

Possible solutions:
1) Upgrade to ScreenOS 6.3
2) Supernet the two LANs (if possible...)
3) Create two phase-2 vpns and bind them to the same gateway
4) Switch to a policy-based VPN

13
Starting at Palo Alto Networks PA-500 $ 3,735.00
Ending at Palo Alto Networks PA-4060 $ 66,400.00

The PA-500 is doing things in software which all other models do in hardware.

The model after the PA-500 is the PA-2020 ($ 9,960.0)

All prices are without any discount.

14
You call it extensive add-on functionality - I call it essentials for a security device  :evil:

15
We plan to evaluate these devices. At least they have great marketing :-D

I love the presentations of Nir Zuk - especially when he compares the Checkpoints, Ciscos, and Whatevers out there with a straight ethernet cable.

Currently I cannot find some features in their portfolio (not verified):
- VPN Manager in the Central Management
- Special kind of VPNs: Auto Connect VPNs/Group VPN (Juniper), DMVPN, GETVPN (Cisco)
- and a lot more ...

For me their product looks more like an add-on than a replacement of a traditional firewall/router.

As soon as I have configured one of these devices I will update this post.

16
Remote Access SSL VPN/UAC/MAG, Pulse, and SBR / Re: SA 2500 Questions
« on: March 02, 2010, 12:33:44 pm »
I have some comments:

3. ActivIdentity
8. You can configure the gateway dual homed (external port facing the internet - internal port pointing to your network)

17
SRX Platform and J-series / Re: ScreensOS to JUNOS conversion tool
« on: December 27, 2009, 05:57:51 am »

18
Are there any updates?
I am interested in the cause of the problem. -> Just if you want to share :roll:

19
SRX Platform and J-series / Re: Simple Nat or so i thought
« on: November 14, 2009, 07:03:07 am »
I just tried this on an SRX device. Hope this applies to J-series with enhanced services ;-)

Taken from the juniper documentation:

Internet |  - 40.0.0.0/24 - | JUN-Device | - 50.0.0.0/24 - | LAN (or whatever)

Example is for a webserver and HTTP traffic, assuming that ge-0/0/0 is in the zone untrust and ge-0/0/1 is in the zone trust.

set security nat proxy-arp interface ge-0/0/0 address 40.0.0.3/32
set security nat static rule-set static-nat from zone untrust
set security nat static rule-set static-nat rule rule1 match destination-address 40.0.0.3
set security nat static rule-set static-nat rule rule1 then static-nat prefix 50.0.0.3
set security zones security-zone trust address-book address webserver 50.0.0.3
set security policies from-zone untrust to-zone trust policy static-nat match source-address any destination-address webserver application junos-http
set security policies from-zone untrust to-zone trust policy static-nat then permit

There is a document on the Juniper site which is called: Juniper Networks SRX Series and J Series NAT for ScreenOS Users. I assume you are not a ScreenOS user, but anyway I think this document is very helpful for understanding the Juniper NAT.


20
Hi Scott,

For example: Let eth0/2 be the untrust interface (ip 1.1.1.1/24 gw 1.1.1.254). Your config could look like:
set interface ethernet0/2 zone untrust
set interface ethernet0/2 ip 1.1.1.1 255.255.255.0

Then I think you have the following line in your config:
set interface ethernet0/2 gateway 1.1.1.254

This entry is generating your connected route.

For generating the default route just use the command:
set vrouter <vrouter> route 0.0.0.0 0.0.0.0 interface ethernet0/2 gateway 1.1.1.254 preference <preference>

