Routers / allow port in SRX-300
« on: April 09, 2018, 11:38:01 pm »
New to SRX-300 Juniper configuration. There are many great tutorials out there and I am learning every day.
So this question may be very basic (I apologize). I looked at some videos, but they are rather confusing with rules, pools, applications, etc.
I have a port 12345 (on the trusted side) that needs to be accessed by the untrusted side.
Can anyone provide a sample or steps via CLI to do this?
Greatly appreciated.

SRX Platform and J-series / SRX-100 configuration file
« on: November 09, 2015, 01:17:35 am »
We use an SRX-100 (firewall) that has several policies defined as well as applications. This configuration will be used in all environments and thus it contains settings that are for both; however, certain policies and ports (e.g. in one scenario Oracle is used, in another MSSQL) are not needed in some cases.
I could have a dedicated configuration file for the right environment; what I am thinking of is along the lines of a "universal" configuration file, which I have tested already.
So I have a general question: Are there any issues (performance, memory) as a result of configuring entries that are not needed?
For example, does the SRX-100 utilize more memory when the configuration file is loaded?

Routers / port forwarding
« on: November 14, 2014, 10:55:34 am »
Apologies for a simple question; I have just acquired an SSG5 Juniper and am learning the configuration.
The current configuration seems to be working except for a port 5002 that needs to be accessed from the untrust side. How do I do that?
Eth 0/0 (untrust)
Eth 0/2 (trusted)
In my trusted I have a service listening on port 5002.
Here is what I have done:
1.   Created the service
>set service "MyService" protocol tcp src-port 0-65535 dst-port 5002-5002 timeout never

2.   Create the VIP and map it
>set interface ethernet0/0 vip
>set interface ethernet0/0 vip 5002 "MyService"

3.   Created the policy
set policy id 2 name "MyPol" from "Untrust" to "Trust"  "Any" "VIP(" "MyService" permit
set policy id 2

This did not work (even after rebooting the SSG5).
I guess I can test the port by c:\telnet, but then I need to configure (allow) telnet, right?

My understanding is that all communication from untrust will go through Eth 0/0.

Any help is greatly appreciated.

NetScreen and SSG/ISG Series Firewalls / SSG5-port 0/0 speed
« on: September 20, 2014, 11:25:32 pm »
Apologies for this simple question; I just got an SSG5 and am learning the configuration process.

When I use the command >get driver phy
it displays the Ethernet0/0 speed 10mb but the other trusted ports (bgroup0) are set to 100mb.
I tried to set the 0/0 as follows
“set interface ethernet0/0 phy full 100mb” then reloaded the cfg file, but the link status is down.
How can I force it to be full duplex 100mb? Do I even need to do this for this port (0/0)?
Many thanks.

