Topics - wpj

1
Marketplace / For Sale FS: AX411 I have 4 Ax411 for sale.
« on: June 30, 2013, 09:10:10 am »
Hey all, I have 4 AX411 for sale.

Shipping from Canada, asking 300 + shipping.

PoE does not work. You will have to power by DC adapter port.

Let me know if you have any questions.

2
SRX Platform and J-series / SRX with 2 ISPs, any thoughts
« on: September 29, 2009, 09:40:13 pm »
OK, in ScreenOS here is what I did:

Untrust-vr = main isp
untrust2-vr = backup isp
trust-vr = internal routing

I exported the default route from each of untrust and untrust2, then imported both default routes into the trust-vr and played with the metrics so that I have them fail over.

We also run VPN tunnels down each ISP to the data center and OSPF on them for failover. We used the backup ISP as the primary data center connection and the primary ISP as the backup for the data center; this way both ISPs were always in full use.

Now to do this in JunOS on the SRX... where do I begin, or is there a better option?

Will

3
NSM / NSMXpress.....Inside or Outside
« on: November 19, 2008, 07:46:11 pm »
I am just installing an NSMXpress at our colo, and I am trying to figure out the best placement, inside or outside of the firewalls. We will be adding devices from outside our VPNs, so I would need a MIP from the untrust inside. So is it safe to just leave it outside of the firewall, or should it be inside my Monitoring-DMZ?

Thanks
wpj

4
OK, I am putting together an NSRP cluster of boxes at our data center for a bunch of my clients as a hub in their hub-and-spoke VPN.

I already have bandwidth monitoring on a per is from my upstream provider.

What I want to know is: is there any way to terminate each customer on a unique IP on the external interface, i.e.

1.1.1.1/24 is my external IP but I want customer 1 VPNs to terminate on 1.1.1.2 and so on. Is there anything I can do?

5
Remote Access SSL VPN/UAC/MAG, Pulse, and SBR / SA in DMZ or not
« on: October 31, 2008, 07:31:41 pm »
Hey all, I am just getting into SAs. Is it acceptable to have the external port on the internet, or does it need to be behind an SSG?

6
NetScreen and SSG/ISG Series Firewalls / Layer 2 VPN can it be done
« on: April 26, 2008, 06:58:06 pm »
I have a requirement to have the same segment at two remote locations.

I need to basically have a bridged VPN. I need the same L2 network in both sites, including all broadcasts etc.

Any way to do this on SSGs?

7
Suggestions/Feedback / Buy and Sell section
« on: April 14, 2008, 04:57:41 pm »
Just wondering if we could have a buy and sell section?

8
NetScreen and SSG/ISG Series Firewalls / Used Great
« on: December 09, 2006, 01:36:21 pm »
Hey there, I have some gear which I am thinking of selling. What is the average price of the following going for?

NS25 Advanced
NS5GT extended
NS5GT 10 user
5XP unlimited
5XP 10 user

thanks

will

9
OK

I have one hub site for all of our VPNs, just over 100 terminating there now. I have ISP1 in the untrust-vr, which is an E10 or 10 meg fiber connection. I have ISP2 in untrustbackup-vr, which is a 3 meg DSL connection.

I have been able to get my test sites migrated from policy-based to route-based VPN using static, and am working on OSPF in the route-vpns.

Primary tunnel from remote site goes to primary interface e3 tunnel and backup to hub is e3.9.

This all seems to fail over nicely, but what about my trusted clients?

I think I can get inbound mail to fail over using MIPs on the outside,

but for my clients in the trust-vr, what is the best way for them to fail over to the backup ISP for web surfing etc.?

I thought about a default route, but how would the route become active? I don't want to use ECMP as it's not equal and DSL is backup only.

Any thoughts?

10
NetScreen and SSG/ISG Series Firewalls / NSRP and DHCP
« on: July 14, 2005, 03:21:42 pm »
Has anyone tried on an NSRP-Lite setup to get their VSI interface to get an IP address via DHCP and have it fail over to the other box?

11
NetScreen and SSG/ISG Series Firewalls / List x Per Page
« on: July 06, 2005, 12:31:24 pm »
OK, I seem to check my routing tables a lot these days and I always switch it from 20 to 100 at the top of the page. Is there any way to set this parameter globally?

Will

12
NetScreen and SSG/ISG Series Firewalls / OSPF on 25/50 HA setup
« on: July 04, 2005, 09:19:59 am »
OK, anyone else have a similar setup?

I am running 25s in NSRP-Lite and doing OSPF on a custom zone with 2 sub-interfaces and 2 tunnel interfaces in it.

I also have 2 VSI interfaces, one for each sub-interface.

Where is the best place to run my OSPF: on sub-interfaces, or VSI, or both?

I am getting the OSPF from the unnumbered tunnel interfaces OK, but not from the adjacent router running BIRD OSPF on one of the sub-interfaces.

I am assuming that I should only run the router on the VSI interface, but it seems that it works better running only on the sub-interfaces and the tunnel interfaces?

Anyone?

Will

13
I think that the VIP interface type should be moved out of being an option to an interface and rather become its own interface type, placed in the untrusted zone. This way the interface could bounce between untrusted ethernet ports during failover of an ISP.

Will

14
OK, I am in a single-hub office environment with a lot of spokes. For security, spokes will not contact each other, so I have done policy-based VPN, but I am wondering if a route-based VPN might be better?

I may have in the future another hub to act as a redundant hub. Both of those hubs would be connected via private fiber internally between cities.

Any thoughts and advantages/disadvantages on either method?

Thanks

Will

15
NetScreen and SSG/ISG Series Firewalls / PPTP Client Terminations
« on: April 01, 2005, 01:55:18 pm »
I know I might get flamed for this, but I would like to see a PPTP server on the NetScreen so that I can terminate end-user PPTP connections directly on the NetScreen, just like Cisco!!!

Will

16
NetScreen and SSG/ISG Series Firewalls / HP OpenView
« on: March 24, 2005, 02:01:16 pm »
Hi, anyone have any experience that they can share running HP OpenView to monitor a bunch of NetScreen devices?

Thanks

Will

17
NetScreen and SSG/ISG Series Firewalls / NetScreen 5GT-Wireless
« on: March 21, 2005, 09:03:06 am »
Now only if they would have brought these out last month I could have rolled them out... argh...!!!

Will

18
I am using a 25 pair and having some minor issues, so I am wondering two things: should I configure NSRP-Lite like NSRP and use the same IP on the interfaces and different management IPs, or should I use VSI interfaces?

If I use VSI interfaces, can I still use regular interfaces on the NS? This seems to work.

Is there a way to manually set the MAC on the redundant untrust interface so that both NS on the outside have the same IP? (I am in a DHCP reservation setup.)

Thanks

19
NetScreen and SSG/ISG Series Firewalls / Configuration Help
« on: February 21, 2005, 04:28:17 pm »
OK all, I am posting my config for an NS-25.

The NS-25 seems to be running fine, but the second NS-25 runs at a very high CPU, 44%, way too high for an NS box. The only thing different in the configs is that the interface IP addresses for all of the interfaces and sub-interfaces are one IP higher, i.e. 251 in the config; the secondary config is 252. The VSI interfaces are the same, and the priority on the second config is 100; this one is 40.

Any thoughts?
Any comments?

Thanks in advance

set clock ntp
set clock timezone -5
set vrouter trust-vr sharable
set vrouter "untrust-vr" default-vrouter
unset vrouter "trust-vr" auto-route-export
set vrouter name "hsmm-vr" id 1025 sharable
unset vrouter "hsmm-vr" auto-route-export
set vrouter "hsmm-vr"
set protocol ospf
set enable
set auto-vlink
set advertise-def-route metric 1 metric-type 1
exit
set protocol rip
set enable
set update-timer 32
set reject-default-route
set no-source-validation
exit
exit
set service "MS-Terminal" protocol tcp src-port 0-65535 dst-port 3389-3389
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "new"
set admin password "Lcm0FGs4DyVMtf6HvXn"
set admin port 6967
set admin mail alert
set admin mail server-name "192.19.69.77"
set admin mail mail-addr1 "new-fw-01@.net"
set admin auth timeout 45
set admin auth server "Local"
set admin auth banner telnet login "Good Morning Telnet!!!"
set admin auth banner console login "Good Evening Console!!!"
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "untrust-vr"
set zone "DMZ" vrouter "untrust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone id 100 "WIRELESS"
set zone "WIRELESS" vrouter "trust-vr"
set zone id 101 "HSMM"
set zone "HSMM" vrouter "hsmm-vr"
set zone id 102 "Guest"
set zone "Untrust-Tun" vrouter "trust-vr"
set zone "Trust" block
set zone "Trust" tcp-rst
set zone "Untrust" block
set zone "Untrust" tcp-rst
set zone "MGT" block
set zone "DMZ" block
set zone "DMZ" tcp-rst
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "WIRELESS" block
set zone "WIRELESS" tcp-rst
set zone "HSMM" block
set zone "HSMM" tcp-rst
set zone "Guest" block
set zone "Guest" tcp-rst
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen winnuke
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen unknown-protocol
set zone "Untrust" screen ip-bad-option
set zone "Untrust" screen ip-record-route
set zone "Untrust" screen ip-timestamp-opt
set zone "Untrust" screen ip-security-opt
set zone "Untrust" screen ip-loose-src-route
set zone "Untrust" screen ip-strict-src-route
set zone "Untrust" screen ip-stream-opt
set zone "Untrust" screen icmp-fragment
set zone "Untrust" screen icmp-large
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "Untrust" screen limit-session source-ip-based
set zone "Untrust" screen syn-ack-ack-proxy
set zone "Untrust" screen block-frag
set zone "Untrust" screen limit-session destination-ip-based
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set interface "ethernet1" zone "Trust"
set interface "ethernet1.1" tag 68 zone "Trust"
set interface "ethernet2" zone "WIRELESS"
set interface "ethernet2.1" tag 71 zone "WIRELESS"
set interface "ethernet2.2" tag 72 zone "WIRELESS"
set interface "ethernet3" zone "Untrust"
set interface "ethernet3.1" tag 10 zone "Guest"
set interface "ethernet4.1" tag 144 zone "HSMM"
set interface "ethernet4.2" tag 45 zone "HSMM"
set interface "tunnel.1" zone "HSMM"
set interface "tunnel.2" zone "HSMM"
unset interface vlan1 ip
set interface ethernet1 ip 192.19.69.251/24
set interface ethernet1 nat
set interface ethernet1:7 ip 192.19.69.254/24
set interface ethernet1:7 nat
set interface ethernet1.1 ip 192.19.68.251/24
set interface ethernet1.1 nat
set interface ethernet1.1:7 ip 192.19.68.254/25
set interface ethernet1.1:7 nat
set interface ethernet2 ip 192.19.70.0/24
set interface ethernet2 nat
set interface ethernet2:7 ip 192.19.70.254/24
set interface ethernet2:7 nat
set interface ethernet2.1 ip 192.19.71.251/24
set interface ethernet2.1 nat
set interface ethernet2.1:7 ip 192.19.71.254/24
set interface ethernet2.1:7 nat
set interface ethernet2.2 ip 192.19.72.251/24
set interface ethernet2.2 route
set interface ethernet2.2:7 ip 192.19.72.254/24
set interface ethernet2.2:7 route
set interface ethernet3 ip 12.23.45.67/26
set interface ethernet3 route
set interface ethernet3.1 ip 10.10.254.251/24
set interface ethernet3.1 route
set interface ethernet3.1:7 ip 10.10.254.255/24
set interface ethernet3.1:7 route
set interface ethernet4.1 ip 144.135.200.251/28
set interface ethernet4.1 route
set interface ethernet4.1:7 ip 144.135.203.254/28
set interface ethernet4.1:7 route
set interface ethernet4.2 ip 144.135.200.235/28
set interface ethernet4.2 route
set interface ethernet4.2:7 ip 144.135.200.238/28
set interface ethernet4.2:7 route
set interface tunnel.1 ip unnumbered interface ethernet4.1:7
set interface tunnel.2 ip unnumbered interface ethernet4.1:7
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface ethernet1 ip manageable
set interface ethernet1:7 ip manageable
set interface ethernet1.1 ip manageable
set interface ethernet1.1:7 ip manageable
set interface ethernet2 ip manageable
set interface ethernet2:7 ip manageable
set interface ethernet2.1 ip manageable
set interface ethernet2.1:7 ip manageable
set interface ethernet2.2 ip manageable
set interface ethernet2.2:7 ip manageable
set interface ethernet3 ip manageable
set interface ethernet3.1 ip manageable
set interface ethernet3.1:7 ip manageable
set interface ethernet4.1 ip manageable
set interface ethernet4.1:7 ip manageable
set interface ethernet4.2 ip manageable
set interface ethernet4.2:7 ip manageable
unset interface ethernet1.1 manage ssh
unset interface ethernet1.1 manage telnet
unset interface ethernet1.1 manage snmp
unset interface ethernet1.1 manage ssl
unset interface ethernet1.1 manage web
unset interface ethernet1.1:7 manage ssh
unset interface ethernet1.1:7 manage telnet
unset interface ethernet1.1:7 manage snmp
unset interface ethernet1.1:7 manage ssl
unset interface ethernet1.1:7 manage web
set interface ethernet2 manage ping
set interface ethernet2 manage ssh
set interface ethernet2 manage telnet
set interface ethernet2 manage snmp
set interface ethernet2 manage ssl
set interface ethernet2 manage web
set interface ethernet2:7 manage ping
set interface ethernet2:7 manage ssh
set interface ethernet2:7 manage telnet
set interface ethernet2:7 manage snmp
set interface ethernet2:7 manage ssl
set interface ethernet2:7 manage web
set interface ethernet2.1 manage ping
set interface ethernet2.1 manage ssh
set interface ethernet2.1 manage telnet
set interface ethernet2.1 manage snmp
set interface ethernet2.1 manage ssl
set interface ethernet2.1 manage web
set interface ethernet2.1:7 manage ping
set interface ethernet2.1:7 manage ssh
set interface ethernet2.1:7 manage telnet
set interface ethernet2.1:7 manage ssl
set interface ethernet2.1:7 manage web
set interface ethernet2.2 manage ping
set interface ethernet2.2:7 manage ping
set interface ethernet3.1 manage ping
set interface ethernet3.1:7 manage ping
set interface ethernet4.1 manage ping
set interface ethernet4.1 manage ssh
set interface ethernet4.1:7 manage ping
set interface ethernet4.1:7 manage ssh
set interface ethernet4.2 manage ping
set interface ethernet4.2 manage ssh
set interface ethernet4.2:7 manage ping
set interface ethernet4.2:7 manage ssh
set interface ethernet3 vip untrust 80 "HTTP" 192.19.69.77
set interface ethernet3 vip untrust 25 "MAIL" 192.19.69.77
set interface ethernet3 vip untrust 3389 "MS-Terminal" 192.19.69.77
set interface ethernet3 vip untrust 53 "DNS" 192.19.69.77
set interface ethernet1.1 dhcp server service
set interface ethernet2 dhcp server service
set interface ethernet2.1 dhcp server service
set interface ethernet2.2 dhcp server service
set interface ethernet3.1 dhcp server service
set interface ethernet4.1 dhcp server service
set interface ethernet4.2 dhcp server service
set interface ethernet1.1 dhcp server enable
set interface ethernet2 dhcp server enable
set interface ethernet2.1 dhcp server enable
set interface ethernet2.2 dhcp server enable
set interface ethernet3.1 dhcp server auto
set interface ethernet4.1 dhcp server auto
set interface ethernet4.2 dhcp server enable
set interface ethernet1.1 dhcp server option lease 11440
set interface ethernet1.1 dhcp server option gateway 192.19.68.254
set interface ethernet1.1 dhcp server option netmask 255.255.255.0
set interface ethernet1.1 dhcp server option domainname the-liquers.net
set interface ethernet1.1 dhcp server option dns1 192.19.69.77
set interface ethernet1.1 dhcp server option dns2 142.77.1.1
set interface ethernet2 dhcp server option lease 11440
set interface ethernet2 dhcp server option gateway 192.19.70.254
set interface ethernet2 dhcp server option netmask 255.255.255.0
set interface ethernet2 dhcp server option domainname wireless-mgt.net
set interface ethernet2 dhcp server option dns1 192.19.69.77
set interface ethernet2 dhcp server option dns2 142.77.1.1
set interface ethernet2.1 dhcp server option lease 11440
set interface ethernet2.1 dhcp server option gateway 192.19.71.254
set interface ethernet2.1 dhcp server option netmask 255.255.255.0
set interface ethernet2.1 dhcp server option domainname wireless-bg..net
set interface ethernet2.1 dhcp server option dns1 192.19.69.77
set interface ethernet2.1 dhcp server option dns2 142.77.1.1
set interface ethernet2.2 dhcp server option lease 11440
set interface ethernet2.2 dhcp server option gateway 192.19.72.254
set interface ethernet2.2 dhcp server option netmask 255.255.255.0
set interface ethernet2.2 dhcp server option domainname wireless-a..net
set interface ethernet2.2 dhcp server option dns1 192.19.69.77
set interface ethernet2.2 dhcp server option dns2 142.77.1.1
set interface ethernet3.1 dhcp server option lease 11440
set interface ethernet3.1 dhcp server option gateway 10.10.254.254
set interface ethernet3.1 dhcp server option netmask 255.255.255.0
set interface ethernet3.1 dhcp server option dns1 142.77.1.1
set interface ethernet4.1 dhcp server option lease 11440
set interface ethernet4.1 dhcp server option gateway 144.135.200.254
set interface ethernet4.1 dhcp server option netmask 255.255.255.240
set interface ethernet4.1 dhcp server option dns1 142.77.1.1
set interface ethernet4.2 dhcp server option lease 11440
set interface ethernet4.2 dhcp server option gateway 144.135.200.238
set interface ethernet4.2 dhcp server option netmask 255.255.255.240
set interface ethernet4.2 dhcp server option dns1 142.77.1.1
set interface ethernet1.1 dhcp server ip 192.19.68.100 to 192.19.68.199
set interface ethernet2 dhcp server ip 192.19.70.100 to 192.19.70.199
set interface ethernet2.1 dhcp server ip 192.19.71.101 to 192.19.71.125
set interface ethernet2.1 dhcp server ip 192.19.71.100 to 192.19.71.199
set interface ethernet2.2 dhcp server ip 192.19.72.100 to 192.19.72.199
set interface ethernet3.1 dhcp server ip 10.10.254.100 to 10.10.254.199
set interface ethernet4.1 dhcp server ip 144.135.200.242 to 144.135.200.250
set interface ethernet4.2 dhcp server ip 144.135.200.227 to 144.135.200.234
set interface ethernet3 dhcp-client enable
unset interface ethernet3 dhcp-client settings update-dhcpserver
unset flow tcp-syn-check
set hostname new-fw-01
set address "Trust" "red-Curacao" 192.19.69.77 255.255.255.255
set address "Trust" "newsServers" 192.19.69.0 255.255.255.0
set address "Trust" "newsUsers" 192.19.68.0 255.255.255.0
set address "Untrust" "HSMM-Net144" 144.0.0.0 255.0.0.0
set address "WIRELESS" "Balieys-A" 192.19.72.70 255.255.255.255
set address "WIRELESS" "Balieys-B" 192.19.71.70 255.255.255.255
set address "WIRELESS" "Crown-Royal-A" 192.19.72.69 255.255.255.255
set address "WIRELESS" "Crown-Royal-B" 192.19.71.69 255.255.255.255
set address "WIRELESS" "Wireless-A" 192.19.72.0 255.255.255.0
set address "WIRELESS" "Wireless-B/G" 192.19.71.0 255.255.255.0
set address "WIRELESS" "Wireless-MGT" 192.19.70.0 255.255.255.0
set address "WIRELESS" "new-AP-01" 192.19.70.1 255.255.255.255
set address "WIRELESS" "new-AP-06" 192.19.70.6 255.255.255.255
set address "WIRELESS" "new-AP-11" 192.19.70.12 255.255.255.255
set address "HSMM" "All 144 Net" 144.0.0.0 255.0.0.0
set address "HSMM" "HSMM-LAN" 144.135.200.224 255.255.255.240
set address "HSMM" "HSMM-VMIS-All" 144.135.200.0 255.255.252.0
set address "HSMM" "HSMM-WLAN" 144.135.200.240 255.255.255.240
set address "HSMM" "VE3new-15" 144.135.200.192 255.255.255.224
set address "Guest" "GuestNetwork" 10.10.254.0 255.255.255.0
set user "guest" uid 1
set user "guest" type  auth
set user "guest" hash-password "02tUV5kM9VHPqwcj0uZrXzAOpu9w63oU/d088="
set user "guest" "enable"
set user "hsmm" uid 2
set user "hsmm" type  auth
set user "hsmm" hash-password "02evgyDbpIvQWFNnP4qDwixX0z/0aCafh3zQM="
set user "hsmm" "enable"
set ike gateway "GW_VBHF" address 0.0.0.0 id "va3bhf-1@va3bhf.hsmm.ca" Aggr outgoing-interface "ethernet3" preshare "8/QwlQFKNX37e2seEcCtD2xZ+6nNf8esYQ==" sec-level standard
unset ike gateway "GW_VBHF" nat-traversal
set ike gateway "GW_VVVS" address 116.13.31.33 Main outgoing-interface "ethernet3" preshare "hM28cCJQNotzD3sNtiCcdOp1OjnwdZuYqw==" sec-level standard
set ike respond-bad-spi 1
set ike gateway "GW_VBHF" heartbeat hello 5
set ike gateway "GW_VBHF" heartbeat reconnect 60
set ike gateway "GW_VVVS" heartbeat hello 5
set ike gateway "GW_VVVS" heartbeat reconnect 60
set vpn "VPN_VA3BHF" gateway "GW_VBHF" replay tunnel idletime 0 sec-level standard
set vpn "VPN_VA3BHF" id 3 bind interface tunnel.2
set vpn "VPN_VE3VVS" gateway "GW_VVVS" replay tunnel idletime 0 sec-level standard
set vpn "VPN_VE3VVS" id 4 bind interface tunnel.1
set arp age 60
set arp always-on-dest
set nsrp cluster id 7
set nsrp cluster name new-fw-00
set nsrp vsd-group master-always-exist
unset nsrp vsd-group id 0
set nsrp vsd-group id 7 priority 50
set nsrp vsd-group id 7 preempt
set nsrp vsd-group id 7 preempt hold-down 10
set nsrp encrypt password nsrp
set nsrp auth password nsrp
set nsrp secondary-path ethernet1
set nsrp interface ethernet4
set nsrp monitor interface ethernet1 weight 1
set nsrp vsd-group id 7 monitor interface ethernet1 weight 1
set nsrp monitor zone Trust weight 1
set nsrp vsd-group id 7 monitor zone Trust weight 1
set nsrp ha-link probe threshold 5
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set group address "Trust" "GRP-newsServers"
set group address "Trust" "GRP-newsServers" add "newsServers"
set group address "Trust" "GRP-newsUsers"
set group address "Trust" "GRP-newsUsers" add "newsUsers"
set group address "WIRELESS" "GRP-Wireless"
set group address "WIRELESS" "GRP-Wireless" add "Wireless-A"
set group address "WIRELESS" "GRP-Wireless" add "Wireless-B/G"
set group address "WIRELESS" "GRP-Wireless" add "Wireless-MGT"
set group address "WIRELESS" "GRP-Wireless-US"
set group address "WIRELESS" "GRP-Wireless-US" add "Balieys-A"
set group address "WIRELESS" "GRP-Wireless-US" add "Balieys-B"
set group address "WIRELESS" "GRP-Wireless-US" add "Crown-Royal-A"
set group address "WIRELESS" "GRP-Wireless-US" add "Crown-Royal-B"
set group address "HSMM" "GRP-HSMM"
set group address "HSMM" "GRP-HSMM" add "HSMM-LAN"
set group address "HSMM" "GRP-HSMM" add "HSMM-WLAN"
set group address "HSMM" "GRP-HSMM" add "VE3new-15"
set group address "Guest" "GRP-Guests"
set group address "Guest" "GRP-Guests" add "GuestNetwork"
set group service "red-Curacao"
set group service "red-Curacao" add "DNS"
set group service "red-Curacao" add "HTTP"
set group service "red-Curacao" add "HTTPS"
set group service "red-Curacao" add "MAIL"
set group service "red-Curacao" add "MS-Terminal"
set group service "HTTP-HTTPS-DNS"
set group service "HTTP-HTTPS-DNS" add "DNS"
set group service "HTTP-HTTPS-DNS" add "HTTP"
set group service "HTTP-HTTPS-DNS" add "HTTPS"
set url protocol sc-cpa
exit
set policy id 13 from "HSMM" to "Untrust"  "All 144 Net" "HSMM-Net144" "ANY" permit log count
set policy id 14 from "HSMM" to "Untrust"  "All 144 Net" "Any" "HTTP-HTTPS-DNS" permit auth user "hsmm" log count
set policy id 12 from "WIRELESS" to "HSMM"  "GRP-Wireless" "All 144 Net" "ANY" permit log count
set policy id 11 from "Trust" to "HSMM"  "GRP-newsServers" "All 144 Net" "ANY" permit log count
set policy id 10 from "Guest" to "Untrust"  "GRP-Guests" "Any" "HTTP-HTTPS-DNS" permit webauth user "guest" log count
set policy id 9 from "WIRELESS" to "WIRELESS"  "GRP-Wireless" "GRP-Wireless" "ANY" permit log count
set policy id 8 from "Trust" to "Trust"  "GRP-newsUsers" "GRP-newsServers" "ANY" permit log count
set policy id 7 from "Trust" to "Trust"  "GRP-newsServers" "GRP-newsUsers" "ANY" permit log count
set policy id 6 from "Trust" to "Untrust"  "GRP-newsUsers" "Any" "ANY" permit log count
set policy id 5 from "Trust" to "WIRELESS"  "GRP-newsServers" "GRP-Wireless" "ANY" permit log count
set policy id 4 from "WIRELESS" to "Untrust"  "GRP-Wireless" "Any" "ANY" permit log count
set policy id 3 from "WIRELESS" to "Trust"  "GRP-Wireless" "GRP-newsServers" "ANY" permit log count
set policy id 2 from "Trust" to "Untrust"  "GRP-newsServers" "Any" "ANY" permit log count
set policy id 1 from "Untrust" to "Trust"  "Any" "VIP(ethernet3)" "red-Curacao" permit log count
set vpn "VPN_VA3BHF" proxy-id local-ip 144.0.0.0/8 remote-ip 144.0.0.0/8 "ANY"
set vpn "VPN_VE3VVS" proxy-id local-ip 144.0.0.0/8 remote-ip 144.0.0.0/8 "ANY"
set syslog config "192.19.69.77"
set syslog config "192.19.69.77" facilities local0 local0
set syslog src-interface ethernet1
set syslog enable
set firewall log-self
set nsmgmt bulkcli reboot-timeout 60
set ssh version v2
set ssh enable
set scp enable
set config lock timeout 5
set dl-buf size 4718592
set ntp server "192.5.41.41"
set ntp server backup1 "0.0.0.0"
set ntp server backup2 "0.0.0.0"
set snmp community "newsplace" Read-Write Trap-on  traffic version any
set snmp host "newsplace" 192.19.71.101 255.255.255.255 src-interface ethernet2.1 trap v1
set snmp host "newsplace" 192.19.69.77 255.255.255.255 src-interface ethernet1 trap v1
set snmp location "newsPlace"
set snmp contact "William"
set snmp name "new-fw-01"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
set preference ebgp 250
set preference ibgp 40
set route 192.19.69.77/32 vrouter "trust-vr" preference 20
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 vrouter "untrust-vr" preference 20
exit
set vrouter "hsmm-vr"
set preference ebgp 250
set preference ibgp 40
set preference ospf-e2 254
set adv-inact-interface
set access-list 144
set access-list 144 permit ip 144.0.0.0/8 144
set route-map name "Net144" permit 144
set match ip 144
exit
set route 0.0.0.0/0 vrouter "untrust-vr" preference 20
set protocol ospf
set redistribute route-map "Net144" protocol connected
set redistribute route-map "Net144" protocol static
set redistribute route-map "Net144" protocol imported
set redistribute route-map "Net144" protocol rip
exit
set protocol rip
set redistribute route-map "Net144" protocol ospf
set redistribute route-map "Net144" protocol connected
set redistribute route-map "Net144" protocol static
set redistribute route-map "Net144" protocol imported
set route-map "Net144" in
set route-map "Net144" out
exit
exit
set interface ethernet4.1 protocol ospf area 0.0.0.0
set interface ethernet4.1 protocol ospf enable
set interface ethernet4.1 protocol ospf cost 1
set interface ethernet4.2 protocol ospf area 0.0.0.0
set interface ethernet4.2 protocol ospf enable
set interface ethernet4.2 protocol ospf cost 1
set interface tunnel.1 protocol ospf area 0.0.0.0
set interface tunnel.1 protocol ospf enable
set interface tunnel.1 protocol ospf cost 10
set interface tunnel.2 protocol ospf area 0.0.0.0
set interface tunnel.2 protocol ospf enable
set interface tunnel.2 protocol ospf cost 10
set interface ethernet4.1:7 protocol ospf area 0.0.0.0
set interface ethernet4.1:7 protocol ospf enable
set interface ethernet4.1:7 protocol ospf cost 1
set interface ethernet4.2:7 protocol ospf area 0.0.0.0
set interface ethernet4.2:7 protocol ospf enable
set interface ethernet4.2:7 protocol ospf cost 1
set interface ethernet4.1 protocol rip
set interface ethernet4.1 protocol rip send-version v1v2
set interface ethernet4.1 protocol rip receive-version v1v2
set interface tunnel.1 protocol rip
set interface tunnel.1 protocol rip enable
set interface tunnel.1 protocol rip split-horizon poison-reverse
set interface tunnel.1 protocol rip send-version v1v2
set interface tunnel.1 protocol rip receive-version v1v2
set interface tunnel.2 protocol rip
set interface tunnel.2 protocol rip split-horizon poison-reverse
set interface tunnel.2 protocol rip send-version v1v2
set interface tunnel.2 protocol rip receive-version v1v2
set interface ethernet4.1:7 protocol rip
set interface ethernet4.1:7 protocol rip send-version v1v2
set interface ethernet4.1:7 protocol rip receive-version v1v2
set interface ethernet4.2 protocol rip
set interface ethernet4.2 protocol rip send-version v1v2
set interface ethernet4.2 protocol rip receive-version v1v2
set interface ethernet4.2:7 protocol rip
set interface ethernet4.2:7 protocol rip send-version v1v2
set interface ethernet4.2:7 protocol rip receive-version v1v2
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
exit
set vrouter "hsmm-vr"
exit

20
NetScreen and SSG/ISG Series Firewalls / DHCP Client on untrust interface
« on: February 14, 2005, 09:06:36 am »
Hi, just wondering if there is any way to have the NS wait for the DHCP client to get its address. I find many times that the DHCP client doesn't get the address right on boot, but it does on the second attempt, but I find that by this time the NS drops all networking because it can't get an IP. Strange.

Will
