
Messages - haze

1
NetScreen and SSG/ISG Series Firewalls / Re: nsrp config sync
« on: July 30, 2010, 02:12:38 am »
Hi,
The management IP address, NSRP priority and certain settings are not synchronized across firewalls.
Best option is
1. execute "exec nsrp sync global-config save" on backup firewall
2. reset the back-up firewall. Select "n" when prompted to save config
3. after reboot, check sync status using "exec nsrp sync global-config checksum"
Regards,
Haze

2
Hi,
Go for the ScreenOS appliance because of the ease of use and flexibility it offers. Cisco ASA is not as flexible when dealing with different scenarios as Juniper. Fortinet is better than ASA and has got good UTM performance compared to ScreenOS, but they are running their own proprietary virus signatures.
Considering the SRX, which runs Junos: in my opinion it is difficult to debug, not as stable yet, and the GUI is not good compared to ScreenOS.
So in my opinion ScreenOS wins for now (even though you can get an SRX firewall with higher throughput for the same price as the ScreenOS firewall).
Regards,
Hazeen

3
SRX Platform and J-series / Re: CisCO PIX to Juniper SRX Conversion
« on: June 07, 2010, 04:57:52 am »
Hi,
I recently did a conversion from PIX to ScreenOS.

There is no partner tool on the Juniper site for this.
I checked with Juniper PS but unfortunately it is a paid service and they are not willing to share it for free (they also told me that it would do only about 70% of the work).
The only option for me was to break up the config of the PIX into sections (interface, routes, ACLs, statics etc.)
Then use Excel and formulas to partially automate the conversion. Conversion is going to be really painful if there are lots of lines (which was the case for me). If it is a normal enterprise firewall with few lines, it can be manually done without Excel. One difficulty would be converting ACLs from PIX, because Cisco does not mention the destination zone in their ACLs. So you need to look at the routing table to find the destination zone when you are making corresponding policies in ScreenOS.
Regards,
Hazeen
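
The destination-zone lookup described in the post above, as an added example that is not part of the original post: the source zone comes from the interface the ACL is bound to, and the destination zone from a longest-prefix match against connected and static routes. The sample config and the interface-to-zone mapping are constructed assumptions, and the example goes slightly beyond the post by also handling broad destinations such as `any`, which can map to several zones.

```python
import ipaddress
# Constructed PIX 6.x-style fragments for illustration (not from the post).
PIX_CONFIG = """\
ip address inside 10.1.1.1 255.255.255.0
ip address dmz 172.16.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 10.2.0.0 255.255.0.0 10.1.1.254 1
access-group acl_in in interface inside
access-list acl_in permit tcp 10.1.1.0 255.255.255.0 host 172.16.1.10 eq 80
access-list acl_in permit tcp 10.2.0.0 255.255.0.0 any eq 443
access-list acl_in permit ip 10.1.1.0 255.255.255.0 10.2.5.0 255.255.255.0
"""
# Hypothetical mapping of PIX interface names to ScreenOS zones.
ZONE_OF = {"inside": "Trust", "dmz": "DMZ", "outside": "Untrust"}

def net(addr, mask):
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def build_routes(rows):
    """(network, interface) pairs from connected and static routes."""
    routes = [(net(f[3], f[4]), f[2]) for f in rows if f[:2] == ["ip", "address"]]
    return routes + [(net(f[2], f[3]), f[1]) for f in rows if f[:1] == ["route"]]

def take_addr(tok):
    """Consume one PIX address spec; return (network, remaining tokens)."""
    if tok[0] == "any":
        return net("0.0.0.0", 0), tok[1:]
    if tok[0] == "host":
        return net(tok[1], 32), tok[2:]
    return net(tok[0], tok[1]), tok[2:]

def dest_zones(dst, routes):
    """Longest-prefix match picks the zone the destination is routed to."""
    covering = [r for r in routes if dst.subnet_of(r[0])]
    zones = {ZONE_OF[max(covering, key=lambda r: r[0].prefixlen)[1]]} if covering else set()
    # A broad destination such as "any" also contains more-specific routes.
    return zones | {ZONE_OF[i] for n, i in routes if n.subnet_of(dst)}

def convert(config):
    """Per ACL entry: (line, source zone, zones). No object-groups or source ports."""
    rows = [line.split() for line in config.splitlines()]
    routes = build_routes(rows)
    bound = {f[1]: f[4] for f in rows if f[:1] == ["access-group"]}
    out = []
    for f in rows:
        if f[:1] == ["access-list"] and f[1] in bound:
            dst, _ = take_addr(take_addr(f[4:])[1])  # skip source, parse destination
            out.append((" ".join(f), ZONE_OF[bound[f[1]]], sorted(dest_zones(dst, routes))))
    return out
```

An entry that resolves to more than one destination zone needs one ScreenOS policy per zone pair, and an entry whose destination zone equals its source zone is intra-zone traffic.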

4
Routers / Re: Password recovery for Juniper E-series?
« on: January 12, 2010, 04:26:42 am »
Hi,
FYI, Junos-e is the OS running on the Juniper E-series edge (BRAS) routers. Its syntax is the same as Cisco's (config t, show run, write mem etc.). It is totally different from Junos.
Regards,
Haze

5
Routers / Password recovery for Juniper E-series?
« on: January 09, 2010, 09:38:05 am »
Hi,
Does anyone know how to recover/reset the password for Juniper E-series running junos-e?
Regards,
Haze

6
NetScreen and SSG/ISG Series Firewalls / Re: VIP strange behaviour
« on: January 05, 2010, 01:52:55 am »
Try to debug and I am sure that will show the reason for the problem.

7
Hi,
Has anyone faced an issue on an ISG2000 upgrade to 6.2r4? It is carrying a lot of traffic (3 gig) and I can't rule out that the problem could be from other vendor equipment config (Huawei) connected to the ISG.
The problem is that the primary reboots, the secondary becomes master, and when the primary comes back, the secondary reboots, failing over. I was told that it was happening indefinitely. We fixed it with a downgrade to 6.2r2. Also mentioning that we are suspecting the module on which HA is connected. But it was not happening in 6.2r2 so we could rule the module problem out. Anyway, now it is stable.
Haze.


8
Hi,
Do you mean "0" timeout under session option for the role?
We cannot set the value to 0 as the minimum allowed is 5 for idle timeout.
Regards,
Haze

9
Hi,
Is there any way to configure NC to not time-out?
Will integration with GINA of pc help?

Requirement is for a remote-server that needs to have the vpn up and running all the time.

Regards,
Haze

10
Hi asad,
I believe the VIP IP will not get activated if the gateway is not reachable for the SSL appliance (not sure about this).
Is the gateway reachable for the migrated node?
Regards,
Haze

11
Is the default resource policy *.*:* still there? Is it usually assigned to all roles.
Try deleting it.

12
NSM / Is the Nsm2008 UI using too much memory/resources?
« on: July 14, 2009, 03:07:27 am »
Hi,
I have tried installing various versions of NSM 2008.1 and 2008.2, and in my experience it takes a long time for the NSM interface to appear and CPU/memory utilization by Java is very high. NSM 2007 works fine. I have 1 gig mem and a 2 GHz Core 2 processor. I have tried on other computers as well. It works properly on some new models (Acer latest desktop model) but is slow on other new ones (HP latest model laptop).

Anyone experienced the similar? Any solution for this?

Regards,
Haze

13
Hi,
Thanks for all your replies.
I also found that the SRX will be replacing the SSG series plus the SRX will be much cheaper compared to similar spec SSG. I am only worried about junos. I already have configuration issues with the Junos enhanced services. I mean the learning curve to do stuff like pbr etc. It was easy in screenOS but not sure about junos es.
Regards,
Haze

14
SRX Platform and J-series / What is advantage of SRX over Netscreen?
« on: June 27, 2009, 11:29:09 pm »
Hi,
How is the SRX product placed in the network infrastructure compared to NetScreen firewalls (NS or ISGs)?
I am aware that SRX has higher throughput and runs junos but what are the real advantages?
Regards,
Haze

15
Hi,
I am using Firefox on Red Hat Linux. JavaScript is enabled in Firefox. When I click on the Network Connect start button, I can see some sort of loading screen with Java, but after that it comes back to the home page.

1. Any ideas on how to get NC to work in Linux? I cannot use the CLI to launch NC as I have got dual-factor auth with PIN.

2. Does NC work on Linux 64-bit?

Regards,
Haze

16
Hi,
This issue is resolved. :-D
We uploaded a custom newpin.thtml so that when the IVE loads it, it will redirect to the swivel pin-change page. This way, the user changes his pin and then the page auto-redirects to the IVE. The user has to sign-in again.

17
Hi Robert,
The browsing tool bar setting is user user roles > UI options.
Try changing the settings.

18
Hi,

We have got a Juniper SA with 6.3R3. The realm uses dual authentication servers (LDAP + Swivel PIN (RADIUS)). The Swivel will display a Turing image from which the user will extract the PIN. Hence a custom sign-in page is used. The challenge is that when a user logs in the first time into the SA, the Swivel should prompt the user to change the PIN.

We tested this functionality by changing the authentication server under the realm to a single authentication server (Swivel). We used the same custom sign-in page. If the user logs in the first time, he is prompted to change the PIN. So that means that PIN change from Swivel is working with a single auth server. But this is not working when we set it to dual authentication servers (LDAP + Swivel). Can anyone help with this? Maybe someone has done a similar setup with RSA?

Regards,

Haze

19
I mean that I had some intranet sites which I had defined in a resource profile with no advanced settings. They were working fine in 6.3R3. But after the upgrade to 6.4R1, all the sites started prompting for a password. I tried the advanced SSO settings under resource profiles but did not have any luck (basic, NTLM etc.). As I could not wait for long and experiment, I rolled back to 6.3R3.
Also, I had opened a TAC case for some other issues and had asked them about 6.4R1. They advised me to wait for another release in the 6.4 series.
Regards,
Haze
