« on: October 04, 2007, 02:49:12 pm »
You add the VIP to the untrust Interface.  Because the private address is on the trust side, you NEED a policy in place.

You have to add a policy from Untrust to trust, source address any, destination address the VIP you created.

The manual is correct, you don't need to add a route.  You DO need to add a policy.

« on: October 04, 2007, 01:21:07 pm »
Did you also add a policy allowing the VIP?
Just putting the VIP in by itself won't work.

I set up my 5GT here in the UK to have a play.  The same thing, the BT service I was using didn't require authentication, but the 5GT won't let you leave it blank.

So I just put any old thing in the username and pass and it worked fine.

If you have any major problems post back, but like I said I got my 5GT-ADSL online without a problem.

I wish I could open a case on this one.

I was using 5.4.0r6 and my GF's Apple Mac laptop just would not load *small* pages, or certain sites.  Google just would not load up, but most other sites would load fine.  Sites that would load loaded very fast, but Google just stalled and would take anywhere up to 3 minutes to fully load.

Very, very frustrating.  Didn't matter what order I put the interfaces in (i.e. the "fix" posted above didn't work for me) or if encryption was on or off.

In the end, I had to downgrade back to 5.3.0r10 and presto, it works fine.  I hope it's fixed in r7 if/when it's released.

« on: September 13, 2007, 04:01:46 pm »
For those following the 5.3.0 train of code.  Share and enjoy.

« on: August 31, 2007, 10:16:21 am »
You won't learn about the 5GT specifically, no.  But you will learn about how the firewalls work, what a zone is, the sort of stuff you'll need to understand to work well with 5GTs and other Netscreen Firewalls.

Your best way to learn is to take one home (if you can get ahold of one, of course), plug it into your home network and make it go.  Set up some VPNs etc.

If you just want to learn about them, you're probably better off spending time reading the PDFs on the Juniper website about the various ScreenOS features.

BTW: It's ScreenOS you really want to learn about, the actual device running ScreenOS isn't all that important (except for how many ports it has and what protocols they support).

« on: April 12, 2007, 04:52:31 pm »
Strange that ping works yet browsing doesn't.

Both Interfaces are in the trust zone?  You haven't turned on intra-zone blocking?

"set zone trust block"

That will stop different interfaces in the same zone from being able to talk to each other unless there's a policy in place.

I have a wireless 5GT too, but I don't have any Windows boxes on the network so I'm sorry I can't help you test this.

Have you tried 5.4.0r3a to see if that helps at all?

I know this isn't exactly what you've asked, but have you looked at ? Very very good.

« on: March 24, 2007, 02:15:53 am »
It certainly is a known issue, I had the same problem with my 5GT and 5.4.0r2

Upgrading to r3 fixes it.

« on: March 24, 2007, 02:13:57 am »
You really need to *get* a serial port then, otherwise you'll have no way of knowing what's wrong.

Is it a WLAN model?  Maybe it's overheating.  I know my 5GT gets *VERY* hot, I had to buy a small external fan to blow air on it...

« on: February 15, 2007, 01:13:54 pm »
That's very strange then.

I suspect maybe your ISP has a problem, you're still getting LCP keepalives etc (i.e. PPP is still up) but something's wrong at the IP layer.  Sounds like there's nothing the NS could do about it, I suspect any other device placed there would experience the same thing.

Could you install a Linux box or similar on the site that tries to ping a known external site, and when it fails two times it logs onto the NS and disconnects the ADSL interface?

Good luck with it anyway, sounds like a tricky one!

Status is down if the 5GT can't ping the host.

Make sure you turn off "Server Auto Detection" if you've disabled ping replies (or have a firewall installed etc) on the second server.  This will force the VIP to "up" always.  Should fix your problem.

« on: February 08, 2007, 08:43:31 pm »
Wow, that's a big step to pull it.  Still, seeing as it's something almost *everyone* uses I'm not that shocked.

Thanks for the update.  Maybe r3a will be the version I have been waiting for...

Or maybe they'll break ICMP.

« on: February 07, 2007, 02:16:06 pm »
@oldo: Yea I tried playing with both the NS generated cert and 2 other certs I'd created.  None of them worked correctly.

To be fair though I got pissed off with the whole thing fairly quickly and just went back to 5.3, so I didn't test it heavily.

« on: February 06, 2007, 01:49:26 am »
There's no solution I can find, nope.

I agree with what junipoint said, I just can't understand how you can cock something so simple up.

I am still back down at 5.3 because for me it's "bug free"

« on: February 03, 2007, 01:29:37 am »
Yea, I just rebooted again and now it's broken.

I think if I wait for 10-20 minutes it'll work again.

I say this because when I went out shopping with my GF this morning, it was broken, but when I got back it was working.

A reboot broke it again, now changing certs and other things that I thought fixed it haven't.  I think it's a bug!  I will test it again in a few hours and I'll bet it works...

« on: February 03, 2007, 12:25:25 am »
Well, after playing with certificates, it seems now to work. Still very weird though...

« on: February 03, 2007, 12:03:49 am »
I think I've found a bug in 5.4.0r3 already!

It seems that I can't log in to the webui via HTTPS anymore, it just keeps acting like I got the wrong password.

Logging in via HTTP plain works fine though.  Strange.

Anyone else seen this?  I'm on a 5GT btw.

« on: February 02, 2007, 05:36:34 pm »
This is a known issue with 5.4r2.  Upgrade to 5.4.0r3 which was just released.  It should have the fix.

Along with a new bug where you can't log in anymore via the web interface...

At least, that's what I'm getting now I've just upgraded to 5.4.0r3 for a trial run. Arrrrgh!!!

