Messages - screenie.

81
Hi Sordet,

Does your routing table show the correct connected routes (get route proto con)?

If correct, can you debug a session?

82
tunnel.2:3.3.3.3/2388->1.1.1.1/443,6<Root>


"packet dropped: for self but not interested"

I think you have management on 443 enabled system-wide, but not enabled as a management service on the interface. That would generate this message.

83
Your def route is XXX.XXX.10.193.
You have a MIP from XXX.XXX.3.41 to 172.16.125.16.
So if host 172.16.125.16 connects to the outside, its source will show as XXX.XXX.3.41 to the outside world, right?

Does the upstream router know to route XXX.XXX.3.41 to the firewall?

84
I don't think this config is possible. You need to configure the outbound interface when setting up a VPN. The termination point (and with this the IP address the other side has to connect to) will be the primary IP address of this interface.
Apart from that I don't see the need for this config. Many VPNs can connect to the same interface/IP.

85
NetScreen and SSG/ISG Series Firewalls / Re: SSG 550M port redundancy
« on: September 15, 2009, 03:38:18 pm »
Hi captain.

I'd create a redundant interface for this. Add two ports, IP settings on the redundant interface, and ready....

86
NetScreen and SSG/ISG Series Firewalls / Re: Juniper SSG520 Screening
« on: September 11, 2009, 03:37:24 pm »
Time for an upgrade!

87
NetScreen and SSG/ISG Series Firewalls / Re: Juniper SSG520 Screening
« on: September 09, 2009, 01:05:25 pm »
Best way is to define a separate policy and configure a session limit on the policy. This feature was added in 6.1, I believe.

88
That's what I mean!

89
For all of you who use SNMP: There are MIBs on the download pages!

90
SRX Platform and J-series / Re: SSH V1 and SSl V 3.0 on SRX-240
« on: September 05, 2009, 07:56:14 am »
For anyone in trouble: By default the international version is shipped. SSH v2 and encryption more than DES is in the domestic version.

91
SRX Platform and J-series / Re: Interface NAT and Policy Based VPN
« on: September 05, 2009, 07:54:30 am »
Just a thought:

Add a rule above rule1: source any, destination 192.168.3.0, source-nat from a pool with internal addresses.

NAT in security policy is pre-JUNOS 9.5. In 9.5/9.6 you have to NAT everything under security nat.

92
Without the rekey the traffic from monitoring won't keep the VPN up. With rekey the VPN does stay up.

93
OK, now fill in under permitted IP only the first internal prefix and you're there! Wireless can't manage any more. See in GUI configuration -> admin -> permitted IPs

94
You're misusing sub int, I think. They are there for dealing with tagged traffic. But: why not set blocking on the trust zone and give the access point an IP in a secondary range you create on the trust interface? Clients on wireless can't route over the firewall to wired hosts now....

95
But did you specify reth0 as outgoing interface?

96
If there's something there, it's definitely under chassis settings. Try set chassis ? as a starting point.

97

Hi,

What does show log kmdlog tell you about what's going wrong?

98
NetScreen and SSG/ISG Series Firewalls / Re: ScreenOS Rollback Feature
« on: August 27, 2009, 01:17:59 pm »
Save your config to last-known-good every time you want to create a new rollback config. When something goes wrong, call somebody and let him/her type in exec rollback. That's in my opinion the easiest way when you're not using NSM.

99
NetScreen and SSG/ISG Series Firewalls / Re: Cant Clear SA
« on: August 27, 2009, 01:12:16 pm »
Yeah, you're trying to clear inactive SAs. That's what the I/I under status means. To look at active SAs use get sa active. Cost me hours when I ran into this (:-

100
Ah, don't worry, unsetting the block is overruled. When setting a global policy you always have to write an intrazone policy to allow traffic in the zone. No risk as long as you don't globally allow traffic (:-
