NetScreen and SSG/ISG Series Firewalls / Re: image corrupted !!!
« on: July 10, 2008, 06:43:28 am »
I would raise this with the Juniper TAC as it sounds like a hardware issue.

This is a question only you can answer, by knowing what features you are using and reading the release notes.

5.4.10 works *great* for me, totally stable, no problems since its release.

I am, however, using it on a 5GT with about 7 wireless clients connected, one VPN and about 10 policies, maybe 15.  So, not exactly a mission critical, important situation.

No, it wouldn't, unless you've tweaked all the timers etc to something silly.

Does the NS Event Log tell you anything at all that might help debug it?

There's no command to shut/unshut interfaces on the 5GT.

Lots of bugfixes.

You'd use a MIP, 1 to 1 mapping.

If you want a wireless model, go with a 5GT!  The SSG-5 wireless model is very noisy, so I'm told.

What version of FW are you using?

Have you looked in the release notes for that version of firmware to see if there's anything that's known to cause reboots (there often is!)?

You've probably just tripped over some bug in the ScreenOS code.

There's not really anything more we could tell you though, if you really needed to find a root cause you'd have to get Juniper involved.

I'd go with putty, firefox or even PumpKIN (tftp server)
You're probably after Netscreen Security Manager though,  which I don't think you can download freely.

You should explain in more detail what you're trying to achieve.

NetScreen and SSG/ISG Series Firewalls / Re: 5.4.0r9 is released
« on: February 28, 2008, 06:49:41 am »
Yea, I was just reading those... There are some very nasty ones in there.

I only have a 5GT at home, so I don't think too many of those will bite me.  Time will tell :)

NetScreen and SSG/ISG Series Firewalls / 5.4.0r9 is released
« on: February 28, 2008, 04:48:16 am »
NetScreen and SSG/ISG Series Firewalls / Re: License Questions
« on: February 11, 2008, 02:22:40 am »
You're also limited to 2000 sessions with no license, instead of 4000 (edit: 4000 only with an extended license, not plus)

I am still trying to find a Netscreen keygen for my home 5GT ;)

Sorry you're right - I didn't read the full thread and I will bash myself on the head accordingly.

The next step to troubleshoot this if I was in your shoes would be to install Wireshark on the machine in question and leave it logging in the background for a couple of hours.  Clear the sessions on the firewall (clear session) and see if they reappear.

If they do, have a look at your Wireshark capture and see if you can figure out what the traffic is!  If it doesn't appear in Wireshark, then make sure you:

a) Don't have a rootkit installed
b) You really have the right machine (check the arp addresses "get arp" to make sure there's not multiple machines with the same IP)

Hope this helps more than my last boneheaded post :)

If the sessions aren't timing out, they must be in use.

ssh to the console of the device and do a "get session" - You can then examine in detail what the ports are.

Most probably someone running Skype or Bittorrent.

NetScreen and SSG/ISG Series Firewalls / Re: 5gt firmware required
« on: January 23, 2008, 06:42:41 am »
@longbows: What's Bala? Has your brain seized?

Have you done a

"set vip multi-port"

Then restarted your NS?

That might fix it (I'm guessing here - Others please point out if this is bad/wrong advice)

NetScreen and SSG/ISG Series Firewalls / Re: Blocking IP address range?
« on: January 21, 2008, 03:23:47 am »
It sounds like he's got a VIP setup, and even though he's putting rules in to deny traffic, it's still traversing via the VIP to his end device.

That's why I think he keeps mentioning VIP multi-port.

It's not very clear though...

NetScreen and SSG/ISG Series Firewalls / Re: Netscreen 5GT : CRTI level
« on: January 18, 2008, 02:10:16 am »
@alan: That's an even better suggestion.  I will do that on my home 5GT, where I offer free wireless.  Sometimes people take lots of sessions, I'd never thought to do this before.


NetScreen and SSG/ISG Series Firewalls / Re: Url Filtering
« on: January 17, 2008, 07:15:02 am »
NetScreen and SSG/ISG Series Firewalls / Re: Url Filtering
« on: January 17, 2008, 06:59:36 am »
For me, here in the UK, the source servers are:

Load up facebook, view the source and see where all the images, css, JS are coming from and whitelist that.

