Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - muppet

Pages: 1 2 [3] 4 5 6 7 8 ... 11
41
NetScreen and SSG/ISG Series Firewalls / Re: failed to update license key
« on: December 17, 2008, 09:57:04 am »
This has never worked for me the whole time I've had my 5GT.
I've just been curious to see what'd happen, and it always gives this error.  I assumed there was a trick to it that I didn't know because I don't have a license.

42
NetScreen and SSG/ISG Series Firewalls / Intra Zone Confusion!
« on: December 17, 2008, 09:50:57 am »
I'm a bit confused and I'm hoping a guru can help me.

I have a 5GT, running 6.2.0r1

I have a Trust zone and the Trust ethernet ports are in this zone.  I have allocated 192.160.1.0/24 to the Trust interface and I have a host, 192.168.1.50

I also have a Wireless2 Interface (10.1.1.0/24), which is WPA2 enabled.  It too has been put into the Trust zone.

I have checked my Trust Zone settings and "Block Intra-Zone Traffic" is not checked.

However, I still need to create a Policy "from Trust to Trust" with a permit statement, before my Wireless devices can access the 192.168.1.50 server.

Does anyone know why this is?  I could understand the need to create the Trust->Trust Allow policy if Intra Zone blocking was enabled, but it's not.

Is it due to the Global ANY->ANY Deny I have in place?

Also, is there a list somewhere of how the policies are evaluated (i.e. where in the chain the global policy is examined, where the intra-zone blocking is examined etc)

43
How often is it crashing? Does it work at all, i.e. can you connect via the wireless?

I have a 5GT here and it hardly ever gives wireless problems.  About once every 3 months, the Wireless will stop passing traffic, but a simple "exec wlan reactivate" will fix that (causes the AP to reboot)

If you're getting this message over and over again, it would seem like a hardware problem with the AP.

I used 5.4.0r8 for a while and it worked OK for my wireless setup.

Tim

44
I'm really not good enough to know much about VPN's on these things (though I am learning as much as I can!)

That was just the one thing that stuck out at me...

Sorry! Hopefully a guru can help you out.

45
NetScreen and SSG/ISG Series Firewalls / Re: update via proxy server
« on: November 18, 2008, 05:57:24 am »
You originally asked about AV/DI, which is why I provided that info.

I'm not sure about your other queries I'm afraid.

46
NetScreen and SSG/ISG Series Firewalls / Re: update via proxy server
« on: November 18, 2008, 05:41:56 am »
You'll notice I said ScreenOS6.2, not 6.1 (I have a 5GT, can't use 6.1)

Under my "Security" WebUI section is there is a Proxy Option.

47
I notice you are assigning 192.168.100.x to your remote VPN connection, but your wins server is 192.168.1.200

When your remote VPN machine connects, does it have a valid, working route to 192.168.1.200?

Tim

48
NetScreen and SSG/ISG Series Firewalls / Re: update via proxy server
« on: November 18, 2008, 05:24:01 am »
I don't think so, no.
I'm not sure if a proxy server is supported in ScreenOS 5.x, anyone else have knowledge of this?

49
NetScreen and SSG/ISG Series Firewalls / Re: AV&AS menu disappeard
« on: November 18, 2008, 05:22:24 am »
You have to buy a seperate license to use the AV features. It's not part of the hardware itself.  I assume (I don't have a SSG) that once you've purchased and installed the licence for the AV that you'll get all those options.

"get license" from the console for details.  I think there's a WebUI menu that gives you your current entitlement as well.

50
NetScreen and SSG/ISG Series Firewalls / Re: update via proxy server
« on: November 14, 2008, 01:44:11 am »
I have seen this option in ScreenOS6.2, not sure if it's in earlier versions.

What version of ScreenOS are you running?

51
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 13, 2008, 08:53:55 am »
Well, Juniper obviously disagree with themselves, they've included a client!

I think it's a good and useful tool as well.

52
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 13, 2008, 08:34:45 am »
Ok, deep breaths, calm down.  :-)

I was just going off what I'd read here by another member with a lot of experience.

The logic seemed to make sense to me, if you can somehow manage to crack your way onto the firewall (agreed - a very bad thing) and it has a telnet client, you then have a jumping off point.  If you don't have one, you can't jump around the network easily.

I was never suggesting turning off telnet everywhere.

53
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 13, 2008, 08:00:02 am »
I found that interesting.  I thought one of the reasons this wasn't included wasn't because it wasn't easy enough to do, rather because it opens up a potential security hole.  I.E. if you manage to crack the firewall and login (even in a guest capacity) you can then use it to telnet into the network.

To be fair, I haven't looked at it closely.

54
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 12, 2008, 05:21:24 am »
Not suprised, they are great boxes!

55
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 12, 2008, 04:21:27 am »
I suspect that there's a very large govt dept or similar out there, that must have a lot of clout.

Otherwise they'd be forcing everyone to the SSG5, wouldn't they?

56
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS 6.2
« on: November 11, 2008, 10:22:16 am »
Wow, fantastic.  I must say I'm very impressed to see 6.2.0r1 running on my little 5GT here.

I like the new welcome screen and the Interface overall seems a lot more responsive.

It seems like there's life in the old girl yet!

57
NetScreen and SSG/ISG Series Firewalls / Re: what´s new in ScreenOS 6.2
« on: November 11, 2008, 10:20:56 am »
jib: I assume the huge surprise was support for the 5GT?

Which I must say I'm very happy about!

58
NetScreen and SSG/ISG Series Firewalls / Re: NS5GT
« on: October 14, 2008, 10:18:54 am »
For debugging/playing around with the ADSL stuff I also discovered the exec adsl ? series of commands.

59
NetScreen and SSG/ISG Series Firewalls / Re: How to update ScreenOS ?
« on: October 14, 2008, 10:16:11 am »
Legally, you have to purchase a support contract with Juniper.
Otherwise you have to find someone who is willing to give you a copy of the FW you require.

60
Sadly, no.

Screen options are either on, or off.

Pages: 1 2 [3] 4 5 6 7 8 ... 11